Christian Vasquez Archives | FedScoop

Growing pains at the Bureau of Cyberspace and Digital Policy, report finds

mbracken — Fri, 12 Jan 2024 20:02:16 +0000

The GAO found that the State Department is addressing challenges at the new bureau tied to role definitions and hiring.

The post Growing pains at the Bureau of Cyberspace and Digital Policy, report finds appeared first on FedScoop.

Defending federal networks requires more than money, CSIS study finds

Billy Mitchell — Mon, 23 Oct 2023 20:30:02 +0000

A six-month study dove into the services offered by the Cybersecurity and Infrastructure Security Agency to protect federal networks.

The post Defending federal networks requires more than money, CSIS study finds appeared first on FedScoop.

DHS council seeks to simplify cyber incident reporting rules

Billy Mitchell — Thu, 21 Sep 2023 14:32:13 +0000

The Biden administration is looking to simplify the dizzying reporting requirements faced by critical infrastructure entities.

The post DHS council seeks to simplify cyber incident reporting rules appeared first on FedScoop.

White House releases National Cybersecurity Strategy implementation plan

John Hewitt Jones — Thu, 13 Jul 2023 14:36:18 +0000

The post White House releases National Cybersecurity Strategy implementation plan appeared first on FedScoop.

White House releases cybersecurity budget priorities for FY 2025

John Hewitt Jones — Wed, 28 Jun 2023 14:55:50 +0000

The Biden administration noted that department and agencies are expected to follow the recently released National Cybersecurity Strategy.

The post White House releases cybersecurity budget priorities for FY 2025 appeared first on FedScoop.

CISA: Federal civilian agency hacked by nation-state and criminal hacking groups

John Hewitt Jones — Thu, 16 Mar 2023 16:13:15 +0000

The vulnerability used in the attack against the federal agency is well-known and among the top exploits in 2021.

The post CISA: Federal civilian agency hacked by nation-state and criminal hacking groups appeared first on FedScoop.

Biden’s national cybersecurity strategy advocates tech regulation, software liability reform

John Hewitt Jones — Thu, 02 Mar 2023 15:02:42 +0000

The strategy represents a shift in how Washington approaches cybersecurity, veering toward a more strictly regulated approach.

The post Biden’s national cybersecurity strategy advocates tech regulation, software liability reform appeared first on FedScoop.

Cybercriminals scam two federal agencies via remote desktop tool, CISA warns

John Hewitt Jones — Thu, 26 Jan 2023 20:58:17 +0000

Cybercriminals duped federal employees into downloading remote monitoring and management software and then used it to execute scams to steal money from victims’ bank accounts, top cybersecurity officials said Wednesday.

In an alert warning agencies about the malicious use of remote management software, in this case ConnectWise Control and AnyDesk, officials said that while the specific activity “appears to be financially motivated and targets individuals, the access could lead to additional malicious activity against the recipient’s organization—from both other cybercriminals and [advanced persistent threat] actors.”

The joint alert from the Cybersecurity and Infrastructure Security Agency, National Security Agency and Multi-State Information Sharing and Analysis Center did not specify which agencies were affected, but noted that at least two were victims.

Additionally, the alert said help desk-themed phishing emails were sent since at least June 2022 to multiple federal civilian agencies. CISA detailed the two instances of suspected malicious activity discovered in October using the federal intrusion detection program known as EINSTEIN. In mid-June, a federal civilian agency received a phishing email and the victim called a phone number contained in the message and led them to a malicious domain. In mid-September, CISA identified traffic flowing between an agency network and a malicious domain.

The campaign continued until at least early November, the alert said. The hackers impersonated help desk services such as Geek Squad Services, general tech support owned by Best Buy, as well as Norton, Amazon, McAfee and PayPal in order to dupe victims. Once the hackers had access to the victims’ machines, they could potentially sell any network access to other cyber criminals or APT groups, according to the alert. “This campaign highlights the threat of malicious cyber activity associated with legitimate RMM software.”

The report warned that, generally, remote management software does not trigger antivirus or anti-malware defenses and that hackers can use legitimate RMM software in a portable executable which can “bypass administrative privilege requirements and software management control policies.” Additionally, RMM software can reduce the need for a malicious hacker to use custom malware and can act as a backdoor to keep on the victim’s network.

The post Cybercriminals scam two federal agencies via remote desktop tool, CISA warns appeared first on FedScoop.