Cybersecurity

Compromised DNC credentials found on Telegram bot, cyber firm says

Security researchers with ZeroFox identified stolen login information from Democratic-aligned accounts ahead of the party’s presidential nominating convention, but noted that some records “were previously observed in private threat actor-operated repositories.”

Cybersecurity

DARPA edges closer to using AI to expose cyber vulnerabilities

Next year, seven teams will compete to polish off a best-case model that meshes AI and cybersecurity to detect and fix open-source vulnerabilities in critical infrastructure.

Cybersecurity

How the White House cyber czar is working to breathe new life into America’s cybersecurity workforce

The national cyber director wants to prepare the next generation of cyber warriors. It starts with touring schools.

Cybersecurity

Former NSA chief wants academia to play larger role in national security

Paul Nakasone is pushing for new initiatives to bolster national security research and workforce recruitment. It begins with a new institute at Vanderbilt University next month.

Cybersecurity

Trump campaign allegedly hacked, blames Iran for stealing internal communications

Iranian hacking activities are aligning more with legacy Russian cyber operations, a former top CISA official said.

Cybersecurity

Iran is accelerating US election influence operations, Microsoft research says

One Iran-linked disinformation collective staged covert news websites that focused on politically divisive topics. Another group breached a low-level account in a county-level swing state.

Cybersecurity

Top US cyber agency hasn’t seen infamous Chinese hackers breach election infrastructure

A pervasive hacking collective being tracked by U.S. intelligence agencies hasn’t been seen breaking into any election infrastructure, but visibility into the group’s activities still isn’t clear, according to CISA Director Jen Easterly.

Cybersecurity

Cyberattacks still ravage schools, defying White House efforts launched last year

Thousands of school districts have tapped into resources committed by the private sector to shore up their cyberdefenses.

Cybersecurity

US accuses Russian national of helping deploy malware on Ukrainian government computers

The alleged hacker used U.S. computer infrastructure to distribute the infamous “WhisperGate” malware into Ukrainian systems.

Cybersecurity

Decade-old cyber advice from GAO remains unimplemented, watchdog says

Reliance on legacy IT systems creates challenges for agencies looking to make use of the suggestions.

Artificial Intelligence

Feds beware: New studies demonstrate key AI shortcomings

Recent studies have started to show that there are serious downsides when it comes to such programs’ ability to produce secure code.

Cybersecurity

Space assets are in foreign adversaries' cyber crosshairs, DOD official says

The easiest targets are ground assets like operation centers and launch facilities, said Mieke Eoyang.

Cybersecurity

Thwarted cyberattack targeted Library of Congress in tandem with October British Library breach

Multifactor authentication prevented hackers from accessing the U.S. institution’s systems in the October campaign, documents show.

Cybersecurity

Russian hackers breached, sabotaged Texas water treatment plant, cyber firm says

If confirmed by U.S. officials, it would add Moscow to the list of American adversaries that have infiltrated water infrastructure in the past year.

Cybersecurity

Hackers tried to breach, disable widely used open-source Java tools, groups warn

The alert comes just after a possible nation state entity attempted to hijack an open-source Linux tool last month.

Cybersecurity

US accuses Chinese hackers of 14-year campaign targeting government officials

The coordinated charges include sanctions on Chinese government-affiliated hackers and an up to $10 million reward for information about the defendants.

Exclusive Cybersecurity

Flaws in public records management tool could let hackers nab sensitive data linked to requests

The GovQA platform, created by IT company Granicus, contained vulnerabilities that could have let cybercriminals retrieve tranches of sensitive files tied to public records requests, a security researcher revealed to Nextgov/FCW.

Cybersecurity

Agencies must disconnect all exposed Ivanti products by Friday, CISA says

The directive follows a related warning issued last month about cybersecurity flaws in Ivanti systems.

Cybersecurity

CISA directs agencies to mitigate widespread VPN bugs

Two unpatched flaws in Ivanti's Connect Secure VPN are being exploited by hackers in the wild.