Iranian hackers compromised a federal agency’s network, CISA and FBI say

Actors linked with the Iranian government were able to exploit an unpatched Log4Shell vulnerability—which the Cybersecurity and Infrastructure Security Agency asked agencies to address by the end of 2021—in an unnamed agency’s network.

Deadline looms for plan to restart economy in case of major cyberattack

Lawmakers have been urging the Biden administration to develop a strategy first mandated in the Fiscal 2021 NDAA.

Breaches of personal data at DOD have doubled since 2015

A recent oversight report detailed that the Defense Department experienced nearly 1,900 breaches of personally identifiable information in 2021 and may need a better system for informing affected individuals.

No ‘specific or credible’ cyber threats affected integrity of midterms, CISA says

Despite “a handful” of DDoS attacks targeting state and local election websites and some technical glitches affecting voting equipment, CISA says it saw “no activity” that should undermine faith in the results of the midterm elections.

CISA, NSA and industry outline security responsibilities of software suppliers

New guidance from the federal agencies—and major companies serving the government—tries to distinguish between the security duties of software developers, suppliers and consumers.

Former CISA chief warns of ‘very chaotic environment’ ahead of midterms

Chris Krebs said those hoping to undermine confidence in U.S. elections may have their best shot yet during this week’s midterm vote.

Almost half of phishing attacks target gov employees, research says

Traditionally aimed at stealing credentials, phishing attacks are growing increasingly sophisticated.

NIST on tap to improve cybersecurity of water systems

The National Institute of Standards and Technology (NIST) hopes a new project will create a set of best practices to help the nation’s complex water and wastewater systems bolster their cybersecurity posture.

Energy official urges CISA to develop storehouse for software bills of materials

A senior cybersecurity advisor for the Department of Energy said a central repository of widely used software bills of materials would significantly reduce the burden on federal agencies.

CDM team helped define cyber directives

Governmentwide cyber hygiene orders are increasingly taking into account the capabilities of Continuous Diagnostics and Mitigation tools.

CISA promises bespoke cyber advice for agencies

A new engagement arm of the Cybersecurity and Infrastructure Security Agency is designed to help agencies navigate the crush of cybersecurity requirements.

CISA director 'very concerned' about election influence from foreign adversaries

Jen Easterly, director of the nation's cyber defense agency, said foreign adversaries could potentially weaponize disinformation and misinformation to incite violence and undermine the public's confidence in the upcoming elections.

Public entities in nearly every state use federally-banned foreign tech, report says

A new report from Georgetown University’s Center for Security and Emerging Technology found that at least 1,681 state and local governments purchased equipment from five Chinese companies that were banned by the federal government between 2015 and 2021.

CISA sets voluntary cyber performance targets for critical infrastructure

A new set of documents and resources from the agency is designed to help critical infrastructure operators manage the basics of cybersecurity.

CISA seeks feedback on baseline measures to secure cloud configuration

Initial baselines address Microsoft services, and baselines for configuring rival services from Google are up next.

CISA to focus on water, education and health sectors over the next year

The agency contributed to the release of security requirements for the transportation sector this week and is expected to issue cross-sector performance goals for critical infrastructure companies’ voluntary adoption next week.

White House looks to advance cyber safety labeling effort with 'initial scope' next spring

A senior administration official said the White House is beginning with a label that will focus on some of the most at-risk technologies – and that the National Institute of Standards and Technology will play a major role in getting it done.