November 15, 2024 at 10:07AM The public sector faces a growing security crisis due to deepfake videos, AI threats, and cyberattacks, pressuring federal agencies to enhance employee skills and cybersecurity measures. Agencies must address workforce skills gaps, prioritize training, and implement active cybersecurity strategies to combat evolving threats and protect national security effectively. ### Meeting … Read more
October 23, 2024 at 03:43PM A high-severity deserialization vulnerability in Microsoft SharePoint, CVE-2024-38094, is actively exploited, allowing authenticated attackers with Site Owner permissions to execute arbitrary code. Rated 7.2 on the CVSS, the flaw has patches available since July. Federal agencies must implement fixes by Nov. 12 due to potential exploitation risks. ### Meeting Takeaways: … Read more
September 21, 2024 at 08:53AM The US Cybersecurity and Infrastructure Security Agency has released the FCEB Operational Cybersecurity Alignment (FOCAL) plan to synchronize and strengthen federal agencies’ cyber defenses. Despite variations in defense capabilities, the plan aims to reduce cyber-risk by aligning agencies and providing tactical guidance. Challenges include resource allocation and collaboration among diverse … Read more
September 9, 2024 at 05:52PM Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims’ networks, impacting Gen 5, Gen 6, and Gen 7 firewalls. The vulnerability initially affected the firewalls’ management access interface, but was later found to also impact the SSLVPN feature and exploited in attacks. Mitigation measures … Read more
July 8, 2024 at 09:57AM The recent Supreme Court ruling overturned the Chevron Doctrine, shifting regulatory enforcement from federal agencies to courts. This will have a significant impact on cybersecurity regulation in the US, allowing businesses to appeal agency decisions and potentially leading to a surge in litigation. It also raises concerns about legal uncertainty … Read more
June 27, 2024 at 08:33AM CISA has warned about threat actors exploiting vulnerabilities in GeoServer, Linux kernel, and Roundcube Webmail. GeoServer flaw (CVE-2022-24816) allows code injection and remote code execution. Linux kernel flaw (CVE-2022-2586) may lead to privilege escalation. Roundcube Webmail (CVE-2020-13965) has a cross-site scripting issue. CISA urges action to mitigate risks. No prior … Read more
May 27, 2024 at 12:59PM President Biden’s October executive order on AI focused on guiding federal agencies in the safe use of machine learning technologies. The order’s requirements have been well-implemented, with agencies appointing chief data officers and devising data plans. The executive order serves as guardrails for AI deployment, ensuring safe and reliable systems … Read more
April 12, 2024 at 10:41AM CISA warns of Russian spies’ theft of sensitive data from Microsoft’s email system, prompting an Emergency Directive for affected agencies to analyze exfiltrated emails, reset compromised credentials, and enhance security. Microsoft and CISA collaborate to provide metadata on the exfiltrated emails. Security experts criticize Microsoft’s security practices and disclosure approach. … Read more
April 11, 2024 at 01:49PM The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring U.S. federal agencies to address risks arising from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. The directive mandates agencies to investigate affected emails, reset compromised credentials, and secure privileged Microsoft … Read more
February 24, 2024 at 07:21AM Microsoft has expanded free logging capabilities to all U.S. federal agencies, using Microsoft Purview Audit, regardless of licensing. This comes after a China-linked cyber espionage campaign targeting organizations. The move includes automatically enabling logs in customer accounts and increasing log retention to 180 days, aiding federal agencies to meet logging … Read more