Cybersecurity

Chinese spy sentenced to 8 years in federal prison

The foreign national intended to obtain U.S. citizenship and a security clearance in order to get a federal government cybersecurity position.

Hackers used legit remote monitoring software to hack agency networks

Guidance from the National Security Agency and the Cybersecurity and Infrastructure Security Agency describe a phishing attack on a federal employee that used fake help desk domains to gain access to at least two federal civilian executive branch networks.

Fourth time around for vulnerability disclosure bill

Rep. Sheila Jackson Lee (D-Texas) is taking yet another stab at getting the executive branch to tell Congress more about its process of disclosing (or stockpiling) zero-day bugs.

CISA hires Navy cyber expert to help oversee vulnerability management

The cybersecurity agency selected U.S. Fleet Cyber Command veteran Sandy Radesky to serve as its associate director of vulnerability management Wednesday.

CISA’s chief of technology strategy stepping down ‘much earlier’ than expected

Cyber expert Daniel Bardenstein said he was leaving his post at the nation’s cyber defense agency for “a unique opportunity.”

Lawmaker asks CISA to investigate air travel cyber risks following FAA system outage

New questions have been raised about national air travel safety following the FAA’s ground stop earlier this week.

NARA publishes first update to cybersecurity records rules since 2014

The agency is issuing an update to the General Records Schedule, including new rules for packet capture and cybersecurity incident logs.

FCC rule would require telecom providers to immediately disclose sensitive data breaches

The Federal Communications Commission’s proposed rule would require telecommunications providers to immediately notify consumers and federal agencies about any breaches involving “customer proprietary network information.”

Interior’s cyber practices allow for easily crackable passwords, watchdog finds

An OIG investigation found that the Interior Department has not fully implemented multifactor authentication and that its “outdated and ineffective” password requirements leave employees’ accounts vulnerable to exploitation.

IARPA aims to thwart cyberattacks with psychology

The intelligence research agency is looking to deploy and automate hackers' cognitive biases to help defend potential cyberattacks.

Lawmakers highlight cyber, new tech and space in proposed spending bill

The $1.7 trillion omnibus introduced by lawmakers on Tuesday would spur on investments in cutting-edge technologies, cyber defense and space during the 2023 fiscal year.

CMS subcontractor breach potentially exposes sensitive data of 254,000 beneficiaries

The Centers for Medicare and Medicaid said the breach involved a subcontractor that appears to have violated its obligations to the agency.

Cyber Safety Review Board to focus its next report on the Lapsus$ extortion group

The Cyber Safety Review Board has announced its plans to focus a sweeping cybersecurity report on a series of recent attacks linked to the global ransomware group Lapsus$.

Majority of defense contractors fail to implement critical cybersecurity requirements, report says

A new report reveals that many contractors working for the Department of Defense have failed to implement required cybersecurity measures.

Report finds Census Bureau lacks ‘effective cybersecurity posture’ after red team hack

A new inspector general report details how government-contracted hackers managed to gain covert access to Census Bureau systems in a simulated attack against the federal agency.

What do industry and cybersecurity experts want in the upcoming national cyber strategy?

The White House has been working with a range of industry stakeholders and cybersecurity experts on a forthcoming plan that could transform America’s cyber landscape. Here’s what they hope makes it into the new strategy.