Cyber Threats
Several Pentagon commands failed to keep good track of classified mobile devices, audit finds
The report comes amid an ongoing Chinese intrusion into U.S. telecom systems. Congress is also working to shore up device protections for servicemembers through the annual defense authorization bill.
CISA issues updated draft of national cyber incident response plan
The NCIRP was first released in 2016. The updates include pathways for non-federal groups to get involved in responding to devastating cyberattacks.
Salt Typhoon attacks prompt talk of hacking back against China
In classified settings, lawmakers have often asked national security officials why American cyber forces don’t go on the attack more often, one senator said.
Lawmakers targeted in encrypted messaging phishing scam
Officials have been urging Americans and federal staff to pivot to encrypted messaging services amid a recent Chinese breach into telecommunications networks.
FCC proposes updates to wiretap security standards following Chinese telecom hacks
Several lawmakers have called for the agency to reform wiretap standards governed by the Communications Assistance for Law Enforcement Act, or CALEA.
At least 8 US carriers hit in Chinese telecom hacks, senior official says
The hacks carried out by the Salt Typhoon group impacted a couple dozen countries and may have been ongoing for one to two years, the official said.
Chinese telecom espionage began with ‘much broader’ aims, officials say
The U.S. has been investigating the Salt Typhoon hackers since late spring and early summer this year, a senior FBI official said.
Accountability in cybersecurity: Why government agencies must raise the stakes
Promoting better cybersecurity in an organization might mean doing things like locking user machines when they don't complete cyber training because accountability is not optional.
Chinese hackers used a ‘range of sophisticated methods’ to breach US telecom providers, insider says
Salt Typhoon deployed various methods to break into telecommunications firms that went far beyond a singular run-of-the-mill credential-stealing attempt, according to a person familiar.
White House convened telecom leaders as details of Chinese espionage hack unfold
Many of the breached systems were not properly equipped with tools that recorded network activity, making it harder to quickly trace the origins of the hack, a person familiar said.
FCC leaders skirt call for wiretap security reform, hope to ‘go deeper’ on telecom breach briefings
Lawmakers have called on the agency to take up a rulemaking to rethink wiretapping laws amid the hacks that have ensnared several telecom companies, but top FCC officials have not signaled any forthcoming action yet.
New TSA cyber rules leave lawmakers, industry hopeful for happy medium regulations
The agency argues its Nov. 8 proposed rulemaking will dually address the transportation industry’s regulation concerns while ensuring they’re suitably protected from hackers. Others want to wait and see.
Featured eBooks
Hackers nabbed emails between congressional staff and Library of Congress
Affected staff were notified Friday afternoon, according to an internal email. Capitol Hill communications with the Congressional Research Service frequently involve confidential legislative drafts or policies still in the brainstorming stage.
US still backs UN cyber pact, but final approval awaits human rights safeguards
Some fear the convention would help legitimize authoritarian nations’ surveillance policies. The U.S. won’t formally ratify it until it sees human rights assurances.
Exclusive
DHS issues internal comms guidance amid telecom breach investigation
The DHS Cyber Safety Review Board is already slated to investigate the hacking collective, dubbed Salt Typhoon, and its intrusion into telecommunications firms and wiretap infrastructure.
Intelligence community briefed Congress on Chinese telecom intrusions
It’s believed the hackers, dubbed Salt Typhoon, accessed call records on numerous Americans, including officials and staff affiliated with President-elect Trump.
DHS cyber review board to investigate Chinese hack of US telecoms as victim net widens
U.S. government officials and staff on both major presidential campaigns were targeted. One former intelligence official called the breaches “really concerning.”
DOJ, Microsoft disrupt Russian hackers targeting civil society orgs
The group, likely linked to Russia’s Federal Security Service, has focused on stealing credentials from NGOs and think tanks around the world.
Russia-backed disinfo groups target Harris-Walz campaign, Microsoft says
A recent video that fabricated false claims of Harris paralyzing a girl in a 2011 car accident was produced and propagated by one of the collectives.
Compromised DNC credentials found on Telegram bot, cyber firm says
Security researchers with ZeroFox identified stolen login information from Democratic-aligned accounts ahead of the party’s presidential nominating convention, but noted that some records “were previously observed in private threat actor-operated repositories.”
