Cyber Threats
Compromised DNC credentials found on Telegram bot, cyber firm says
Security researchers with ZeroFox identified stolen login information from Democratic-aligned accounts ahead of the party’s presidential nominating convention, but noted that some records “were previously observed in private threat actor-operated repositories.”
DARPA edges closer to using AI to expose cyber vulnerabilities
Next year, seven teams will compete to polish off a best-case model that meshes AI and cybersecurity to detect and fix open-source vulnerabilities in critical infrastructure.
How the White House cyber czar is working to breathe new life into America’s cybersecurity workforce
The national cyber director wants to prepare the next generation of cyber warriors. It starts with touring schools.
Former NSA chief wants academia to play larger role in national security
Paul Nakasone is pushing for new initiatives to bolster national security research and workforce recruitment. It begins with a new institute at Vanderbilt University next month.
Trump campaign allegedly hacked, blames Iran for stealing internal communications
Iranian hacking activities are aligning more with legacy Russian cyber operations, a former top CISA official said.
Iran is accelerating US election influence operations, Microsoft research says
One Iran-linked disinformation collective staged covert news websites that focused on politically divisive topics. Another group breached a low-level account in a county-level swing state.
Top US cyber agency hasn’t seen infamous Chinese hackers breach election infrastructure
A pervasive hacking collective being tracked by U.S. intelligence agencies hasn’t been seen breaking into any election infrastructure, but visibility into the group’s activities still isn’t clear, according to CISA Director Jen Easterly.
Cyberattacks still ravage schools, defying White House efforts launched last year
Thousands of school districts have tapped into resources committed by the private sector to shore up their cyberdefenses.
US accuses Russian national of helping deploy malware on Ukrainian government computers
The alleged hacker used U.S. computer infrastructure to distribute the infamous “WhisperGate” malware into Ukrainian systems.
Decade-old cyber advice from GAO remains unimplemented, watchdog says
Reliance on legacy IT systems creates challenges for agencies looking to make use of the suggestions.
Feds beware: New studies demonstrate key AI shortcomings
Recent studies have started to show that there are serious downsides when it comes to such programs’ ability to produce secure code.
Space assets are in foreign adversaries' cyber crosshairs, DOD official says
The easiest targets are ground assets like operation centers and launch facilities, said Mieke Eoyang.
Thwarted cyberattack targeted Library of Congress in tandem with October British Library breach
Multifactor authentication prevented hackers from accessing the U.S. institution’s systems in the October campaign, documents show.
Featured eBooks
US diplomats told China to stop Volt Typhoon campaign — It’s becoming more advanced, intelligence officials say
A pervasive Beijing-linked hacking operation has caught the attention of diplomats and spy agencies.
Russian hackers breached, sabotaged Texas water treatment plant, cyber firm says
If confirmed by U.S. officials, it would add Moscow to the list of American adversaries that have infiltrated water infrastructure in the past year.
Hackers tried to breach, disable widely used open-source Java tools, groups warn
The alert comes just after a possible nation state entity attempted to hijack an open-source Linux tool last month.
US accuses Chinese hackers of 14-year campaign targeting government officials
The coordinated charges include sanctions on Chinese government-affiliated hackers and an up to $10 million reward for information about the defendants.
Exclusive
Flaws in public records management tool could let hackers nab sensitive data linked to requests
The GovQA platform, created by IT company Granicus, contained vulnerabilities that could have let cybercriminals retrieve tranches of sensitive files tied to public records requests, a security researcher revealed to Nextgov/FCW.
Agencies must disconnect all exposed Ivanti products by Friday, CISA says
The directive follows a related warning issued last month about cybersecurity flaws in Ivanti systems.
CISA directs agencies to mitigate widespread VPN bugs
Two unpatched flaws in Ivanti's Connect Secure VPN are being exploited by hackers in the wild.
How hackers can 'poison' AI
A new paper from NIST offers a standard taxonomy of cyber attacks dedicated to contaminating the data AI models use to learn.
