Cybersecurity
Salt Typhoon hackers exploited stolen credentials and a 7-year-old software flaw in Cisco systems
The Chinese hacking collective has widely leveraged vulnerabilities in communications infrastructure to breach dozens of telecom providers in the U.S. and overseas.
Cybersecurity
DOGE employee Edward Coristine lands at CISA with DHS email
A handle dubbed “Rivage” was reportedly tied to Coristine, and used to discuss and solicit hacking activities with a cybercrime syndicate known as The Com.
Cybersecurity
Lawmaker looks to strengthen security of U.S. communications following UK’s Apple backdoor order
Sen. Ron Wyden, D-Ore., released a discussion draft of a measure to reform the CLOUD Act after the UK ordered Apple to build a backdoor into encrypted iCloud backups.
Cybersecurity
Lawmakers ask DNI to reassess UK cyber, intel ties over Apple backdoor mandate
The court order issued by the United Kingdom centers on the UK’s 2016 Investigatory Powers Act, which was reportedly invoked to demand Apple provide a backdoor into users’ encrypted iCloud backups.
Cybersecurity
FBI notified over 4,300 victims of ‘pig butchering’ crypto scams in past year
After victims are tricked into buying crypto, they are shown fake online accounts with fictitious returns while the stolen funds are moved offshore, an FBI official said.
Cybersecurity
Salt Typhoon hackers possibly targeted telecom research at US universities
Recorded Future’s latest findings shed light on how widespread the Salt Typhoon campaign has become since it was uncovered last year.
Cybersecurity
Trump to nominate former RNC official to be national cyber director
It’s not clear how Sean Cairncross would address ongoing ONCD efforts, as the Trump administration has sought to refocus certain cyber priorities in the federal government.
Cybersecurity
Coast Guard workforce lacks maritime cyber expertise, watchdog says
The maritime service says it will develop “competency requirements” for relevant personnel by the end of December. It’s also planning new procedures to document maritime cyber incidents.
Cybersecurity
AI-cybersecurity firm Andesite secures added $23M in funding
The company, which is led by former CIA officials and other ex-national intelligence chiefs, also unveiled a new security operations center product, the firm first told Nextgov/FCW.
Cybersecurity
In reversal, CISA workforce now permitted to take deferred resignation offer
The move could enable the Trump administration to reduce the size and scope of the cyber agency.
Cybersecurity
OPM asks to dismiss email server lawsuit, citing misinterpretation of law
The agency notably released a privacy impact assessment for the dubious email server used to mass-message federal employees about a deferred resignation offer on the same day as the legal dismissal request.
Cybersecurity
Trump’s anti-DEI efforts damage national security, former officials say
The rollback of diversity, equity and inclusion initiatives weakens intelligence operations, erodes workforce morale and limits the U.S. government’s ability to navigate global threats, former national security officials argue.
Cybersecurity
CISA among DHS offices exempt from taking OPM’s deferred buyout offer
President Trump’s DHS chief said she wants to scale back the cybersecurity agency’s size and mission scope.
Cybersecurity
Democrats worry over Trump funding priorities for CISA’s disinfo efforts
President Donald Trump’s nominee to run DHS wants the Cybersecurity and Infrastructure Security Agency to be smaller and stay out of monitoring disinfo.
Cybersecurity
DHS cyber review board cleaned out in Trump move to eliminate ‘misuse of resources’
The board was actively investigating a Chinese hack into telecommunications systems.
Cybersecurity
US sanctions Chinese firm behind sweeping Salt Typhoon telecom hacks
The Treasury Department also sanctioned an individual involved in recent Chinese hacks into its own systems.
Cybersecurity
Space companies say cyber threat intelligence is often overclassified, unactionable
Space and aerospace industry feedback from a series of government-run workshops noted that such threat intelligence is difficult to translate into actionable cyber efforts.
Cybersecurity
Biden signs executive order inspired by lessons from recent cyberattacks
The order gives CISA more eyes to hunt cyber threats on government networks and directs agencies and contractors to be more transparent about the security of their software stockpiles.
Cybersecurity
Salt Typhoon breach was first detected on federal networks, CISA head says
Cybersecurity and Infrastructure Security Agency Director Jen Easterly said the group was first detected “before we understood it was Salt Typhoon.”
Cybersecurity