Artificial Intelligence
Is artificial intelligence a friend, foe or frenemy? NIST wants to find out
The standards agency will be hosting a working session to discuss how AI-empowered attacks can be used to sometimes get around traditional defenses.
Cybersecurity
Salt Typhoon hackers targeted over 80 countries, FBI says
The Chinese campaign appears to have reached into other organizations beyond the telecom industry, including transportation and military infrastructure networks, according to a Wednesday advisory.
Exclusive
Cybersecurity
Report: Russia-based Yandex employee oversees open-source software approved for DOD use
The package is listed inside Platform One’s Iron Bank, a vetted Defense Department software repository, people familiar say.
Cybersecurity
In pitch to hacker community, Trump’s NSC cyber lead says AI key to future of cyberdefense
At DEF CON, Alexei Bulazel said AI-powered tools will give software developers “incredible abilities” to harden networks by adding multilayered checks to the code-scanning process and catching flaws that might otherwise slip through.
Cybersecurity
US court system to boost cyber posture after hack of electronic case management tool
The breach may have revealed the identities of confidential informants involved in criminal cases in several federal district courts, according to Politico.
Cybersecurity
CISA officials commit to supporting top vulnerability cataloging program
Organizations around the world rely on the Common Vulnerabilities and Exposures Program, whose contract with CISA almost expired in April. It serves as the worldwide, de facto standard for vulnerability identification and management.
Updated
Cybersecurity
‘High-severity’ Microsoft Exchange vulnerability disclosed on heels of Black Hat talk
Parts of the federal enterprise are likely susceptible to the flaw that allows hackers to hijack on-premises versions of Active Directory. CISA plans to release an emergency directive on Thursday, according to a person familiar with the matter.
Cybersecurity
New research shows Iran’s expansive cyber offensive during ‘12-Day War’ with Israel
One state-backed hacking group created conflict-themed websites to lure pro-Israel visitors and siphon their data, according to SecurityScorecard.
Cybersecurity
Foreign adversaries are trying to weaponize open-source software, report finds
Hacking units affiliated with nation-state adversaries are subtly contributing to open-source software tools and working to insert backdoors into publicly available code used by millions worldwide, new research says.
People
Senate confirms Sean Cairncross to be national cyber director under Trump
Sean Cairncross, a former RNC official, is the first person to head the Office of the National Cyber Director under Donald Trump.
Cybersecurity
Expiring cyber information-sharing law puts US maritime infrastructure at risk, experts warn
A congressional probe last year found Chinese‑made technology embedded in many U.S. ports, raising fears of espionage and sabotage.
Cybersecurity
Russian hackers target local internet to spy on embassies in Moscow, Microsoft says
The attack works by rerouting targeted diplomatic devices through a hoax captive portal modeled on the kind commonly used to grant internet access in hotels and airports.
Cybersecurity
Pentagon not impacted by Microsoft Sharepoint hack, tech chief says
The department has been holding daily calls with Microsoft since the zero-day was discovered, the DOD CIO said at an event Thursday.
Cybersecurity
Trump’s CISA nominee is confident he can get funding to cyber agency where needed
Sean Plankey, a former Energy Department cyber official, tussled with Sen. Richard Blumenthal, D-Conn., over 2020 election security during his confirmation hearing. He also committed to the renewal of a key cyber information-sharing law before it soon expires.
Cybersecurity
DHS impacted in hack of Microsoft SharePoint products, people familiar say
The zero-day vulnerability — which was first disclosed late Saturday — has been exploited by several Chinese state-aligned groups, according to Microsoft.
Cybersecurity
Chinese hackers are exploiting SharePoint vulnerabilities, Microsoft says
The bugs affecting on-premises builds of SharePoint deployments are officially being exploited by at least two major Chinese nation-state hacking units, the company said. Patches have been issued for all affected versions of SharePoint.
Cybersecurity
Threat intel firms on alert for government systems impacted by Microsoft SharePoint vulnerability
Governments, schools, healthcare providers and large enterprise firms are at risk, one cyber threat intelligence chief said.
Cybersecurity
Salt Typhoon hacks into National Guard systems a ‘serious escalation’, experts warn
“Going forward, all U.S. forces must now assume their networks are compromised and will be degraded,” a former Air National Guard servicemember said.
Cybersecurity