The Department of Homeland Security won’t tell Congress how many employees at the Cybersecurity and Infrastructure Security Agency it has fired or pushed to leave, a top congressional Democrat said Wednesday. “You’ve overseen mass reductions in the workforce at CISA and” the Federal Emergency Management Agency, Mississippi Rep. Bennie Thompson, the top Democrat on the…
Category: Cybersecurity and Infrastructure Security Agency (CISA)
Check Point, CISA, cisco, CVE, Cybercrime, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), edge devices, exploit, Exploits, firewall, Fortinet, Global Security News, Mandiant, Palo Alto Networks, Rapid7, Research, sonicwall, Technology, Threats, virtual private network (VPN), vulnerabilities
SonicWall customers confront resurgence of actively exploited vulnerabilities
Vulnerabilities are proliferating in SonicWall devices and software this year, putting the vendor’s customers at risk of intrusion via secure access gateways and firewalls. The year started off on a sour note for the California-based company when it released security advisories for nine vulnerabilities on Jan. 7. The total number of vulnerabilities publicly disclosed by…
budget, Chris Murphy, CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), disinformation, Election Security, Gary Peters, Global Security News, Government, House Appropriations Committee, information sharing, Kristi Noem, Lauren Underwood, misinformation, Money, Senate Appropriations Committee
Sen. Murphy: Trump administration has ‘illegally gutted funding for cybersecurity’
Another top appropriations Democrat criticized budget cuts affecting the Cybersecurity and Infrastructure Security Agency, saying the Trump administration has “illegally gutted funding for cybersecurity.” Connecticut Sen. Chris Murphy, the ranking member on the Senate Appropriations Subcommittee on Homeland Security, made his remarks Thursday to Department of Homeland Security Secretary Kristi Noem at a hearing on…
Amazon, CISA, crowdstrike, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Collaboration Center, Global Security News, Google, Government, intelligence sharing, Joint Cyber Defense Collaborative, Joint Cyber Defense Collaborative (JCDC), National Security Agency, National Security Agency (NSA), Palo Alto Networks, Research, Technology, Threat Intelligence, Threats
Amazon, CrowdStrike, Google and Palo Alto Networks claim no change to threat intel sharing under Trump
SAN FRANCISCO — Threat intelligence sharing is flowing between the private sector and federal government and remains unimpeded thus far by job losses and budget cuts across federal agencies that support the cyber mission, according to executives at major security firms. Top brass at Amazon, CrowdStrike, Google and Palo Alto Networks said there’s been no…
Biden administration, Brandon Wales, budget, CISA, cyber workforce, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), cybersecurity workforce, Department of Homeland Security (DHS), disinformation, Global Security News, Government, misinformation, Money, office of management and budget, social media, supreme court, Trump Administration, U.S. Supreme Court, Workforce
Trump administration proposes cutting $491M from CISA budget
President Donald Trump’s fiscal 2026 budget proposal would slash $491 million from the budget of the Cybersecurity and Infrastructure Security Agency, according to a summary released Friday. That would amount to a nearly 17% reduction to the agency’s approximately $3 billion budget. The administration did not release a detailed itemization of the cuts, only an…
Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, Government, House Homeland Security Committee, Workforce
Congressional officials wonder how CISA can carry out core mission in face of workforce cuts
SAN FRANCISCO – In her appearance at the RSAC 2025 Conference, Homeland Security Secretary Kristi Noem spoke about getting CISA back to its “core mission” of protecting federal networks and critical infrastructure from cybersecurity threats. Other cyber policy experts wonder how that is going to unfold with such concentration on cutting CISA’s workforce. Congressional staffers…
Asia Pacific, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, Government, RSAC 2025 Conference
DHS Secretary Noem: CISA needs to get back to ‘core mission’
SAN FRANCISCO — Homeland Security Secretary Kristi Noem outlined her plans Tuesday to refocus the Cybersecurity and Infrastructure Security Agency (CISA) on protecting critical infrastructure from increasingly sophisticated threats — particularly from China — while distancing the agency from what she characterized as mission drift under previous leadership. Speaking at the 2025 RSAC Conference, Noem…
CISA, Cybersecurity and Infrastructure Security Agency (CISA), Dakota State University, Global Security News, Workforce
CISA gets new No. 2: Madhu Gottumukkala
The Cybersecurity and Infrastructure Security Agency will soon have a new second-in-command. Madhu Gottumukkala has been named deputy director. He comes over to CISA from his prior position in the South Dakota government, where Kristi Noem was most recently governor before taking over as secretary of the Department of Homeland Security. Gottumukkala had been commissioner…
CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, IBM X-Force, known exploited vulnerabilities (KEV), Mandiant, Research, Verizon Data Breach Investigations Report, Verizon DBIR, VulnCheck, vulnerabilities
VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025
Attackers exploited nearly a third of vulnerabilities within a day of CVE disclosure in the first quarter of 2025, VulnCheck said in a report released Thursday. The company, which focuses on vulnerability threat intelligence, identified 159 actively exploited vulnerabilities from 50 sources during the quarter. The time from CVE disclosure to evidence of exploitation in…
Cybercrime, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Data Breaches, edge devices, Exploitation, Exploits, Global Security News, Ransomware, ransomware payments, Research, Threats, Verizon, Verizon Data Breach Investigations Report, Verizon DBIR, zero days
Verizon discovers spike in ransomware and exploited vulnerabilities
Cybercriminals and state-sponsored threat groups exploited vulnerabilities and initiated ransomware attacks with vigor last year, escalating the scope of their impact by hitting more victims and outmaneuvering defenses with speed. The rate of ransomware detected in data breaches jumped 37%, occurring in 44% of the 12,195 data breaches reviewed in Verizon’s 2025 Data Breach Investigations…
Asia Pacific, Commentary, Cybersecurity and Infrastructure Security Agency (CISA), Donald Trump, Executive order, FEMA, Global Security News, Government, information sharing and analysis centers (ISACs), maritime cybersecurity, op-ed
Rebuilding Maritime Cybersecurity Resilience: Charting an America First Course to Secure the U.S. Homeland
U.S. ports are vital to the flow of imports and exports; however, the entire maritime transportation system’s cybersecurity is exceedingly vulnerable. The August 2024 ransomware attack at the Port of Seattle resulted in significant cargo delays and a data breach of 90,000 individuals. Such a wide-scale incursion could have resulted in a longer loss of…
2020 elections, CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Justice, Department of Justice (DOJ), Donald Trump, Executive order, Global Security News, Government, Justice Department, Karoline Leavitt, Miles Taylor, SentinelOne, Workforce
Chris Krebs resigns from SentinelOne to focus on fighting Trump’s executive order
Chris Krebs has resigned from SentinelOne, saying he needs to devote himself fully to fighting the executive order President Donald Trump signed to target his former director of the Cybersecurity and Infrastructure Security Agency. The executive order was a key touchpoint in Trump’s unprecedented campaign to punish those he views as his enemies. While at…
CISA, CVE, CVE Foundation, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, MITRE, National Vulnerability Database, NIST
CISA reverses course, extends MITRE CVE contract
In a last-minute switch, the Cybersecurity and Infrastructure Security Agency said it will continue funding a contract for MITRE to manage the CVE program and other vulnerability databases. In a statement sent to CyberScoop, a spokesperson said the agency executed an option to extend the contract and avoid a potential lapse in a program that…
Asia Pacific, china, CISA, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Department of Homeland Security (DHS), disinformation, Exclusive, Gary Peters, Global Security News, Government, information sharing, information sharing and analysis centers (ISACs), Joint Cyber Defense Collaborative, Local Government, Mike Rounds, misinformation, North Carolina, Policy, privacy, rand paul, Russia, Salt Typhoon, Senate Armed Services Committee, Senate Homeland Security and Governmental Affairs Committee, SolarWinds, State Government, Volt Typhoon
Exclusive: Peters, Rounds tee up bill to renew expiring cyber threat information sharing law
A bipartisan pair of senators are kicking off the race Wednesday to reauthorize a 2015 cyber threat information sharing law, a move that industry groups and cyber experts are eager to see happen before it’s set to expire in September. Advocates say the 10-year-old Cybersecurity Information Sharing Act has been vital to sharing threat information…
china, CISA, cisco, citrix, Coalition, CVE, Cybercrime, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), edge devices, espionage, exploit, Exploits, firewall, firewalls, Fortinet, Gartner, Global Security News, Google Threat Intelligence Group, ivanti, known exploited vulnerabilities (KEV), Mandiant, National Vulnerability Database, NIST, Palo Alto Networks, Rapid7, Research, routers, Technology, Threats, virtual private network (VPN), VulnCheck, vulnerabilities, vulnerability disclosure, zero days
Is Ivanti the problem or a symptom of a systemic issue with network devices?
Network edge devices — hardware that powers firewalls, VPNs and network routers — have quickly moved up the list of attackers’ preferred intrusion points into enterprise networks. While dozens of companies make and sell these devices, customers of one company in particular — Ivanti — have confronted exploited vulnerabilities in their products more than any…
Andrew Garbarino, Bridget Bean, CISA, Congress, cyber workforce, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), cybersecurity workforce, Department of Homeland Security (DHS), Eric Swalwell, Global Security News, Government, House Homeland Security Committee, Kristi Noem, Mark Green, Policy, Workforce
Rep. Swalwell demands Hill briefing on planned CISA personnel cuts
The Cybersecurity and Infrastructure Security Agency must brief Congress on proposed deep cuts to agency personnel, a top Democrat said in a letter to its acting director. California Rep. Eric Swalwell, ranking member of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, wrote in the letter to acting Director Bridget Bean on Thursday…
Cybersecurity and Infrastructure Security Agency (CISA), election interference, FedRAMP, Global Security News, Government, SentinelOne
Trump signs order stripping Chris Krebs of security clearance
President Donald Trump signed a memorandum Wednesday revoking the security clearance of former CISA leader Chris Krebs, with the White House saying he was a “significant bad-faith actor who weaponized and abused his government authority” during his time leading the agency. The order also suspends any active security clearance held by employees at SentinelOne, where…
Asia Pacific, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Office of the Comptroller of the Currency, Treasury Department
Treasury bureau notifies Congress that email hack was a ‘major’ cybersecurity incident
The Office of the Comptroller of the Currency has notified Congress that a February breach of its email system is classified as a major cybersecurity incident. The incident was first disclosed Feb. 26, though the OCC provided virtually no details at the time, only saying that it had resolved a security incident “involving an administrative…
bulletproof hosting, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), fast flux, Global Security News, Government, National Security Agency (NSA), Threats
International intelligence agencies raise the alarm on fast flux
International intelligence and cybersecurity agencies jointly issued a warning Thursday about “fast flux,” an advanced technique used by cybercriminals and state-sponsored actors to evade detection and maintain resilient command and control infrastructure. Fast flux involves rapidly changing or swapping out IP addresses linked to a particular domain. These quick changes render malicious activity nearly invisible…
Andrew Garbarino, CIRCIA, CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Eric Swalwell, Global Security News, Government, House Homeland Security Committee, Joint Cyber Defense Collaborative (JCDC), Local Government, Policy, rand paul, Senate Homeland Security and Governmental Affairs Committee, State Government
Don’t cut CISA personnel, House panel leaders say, as they plan legislation giving the agency more to do
Leaders of a key House subcommittee criticized the Trump administration’s personnel cuts at the Cybersecurity and Infrastructure Security Agency on Wednesday, with its chairman saying he wants CISA to take on more responsibilities, not less — some of which figure into his legislative priorities. Rep. Andrew Garbarino, the New York Republican who chairs the House…
Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, FDA, Global Security News, Government, Medical Devices, Policy
Dispersed responsibility, lack of asset inventory is causing gaps in medical device cybersecurity
Witnesses at a House hearing on medical device cybersecurity Tuesday called out the need for more proactive tracking of products used across the country, saying the status quo leaves many health system owners and operators in the dark about vulnerabilities, exploitation and patching updates. Testifying before the House Energy and Commerce Subcommittee on Oversight and…
Andrew Garbarino, budget, CISA, Connecticut, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Eric Swalwell, Federal Emergency Management Agency, FEMA, Global Security News, Government, House Homeland Security Committee, Kentucky, Local Government, Money, MS-ISAC, Policy, State Government, Threats, Utah
Renew — but improve — billion-dollar cyber grant program to states and locals, House witnesses say
It’s vital that Congress renew the expiring $1 billion state and local cybersecurity grant program, witnesses testified before a House panel, but they added that it could benefit from some upgrades, too. New York Rep. Andrew Garbarino, chairman of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection that held the hearing Tuesday, said…
Center for Democracy & Technology, Center for Democracy and Technology, china, CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Executive order, Global Security News, Government, information sharing and analysis centers (ISACs), Jen Easterly, Joe Slowik, Local Government, National Association of State Chief Information Officers, Nitin Natarajan, NuHarbor, pennsylvania, Policy, State Government, Trump Administration
Trump’s ‘preparedness’ executive order would shift cyber defense burden where it doesn’t belong, experts say
Many cyber experts are panning a new Trump administration executive order that would shift more responsibilities for responding to cyberattacks to state and local governments, saying it will leave states holding the bag for a job they aren’t best equipped to handle. The executive order, issued last week, is entitled “Achieving Efficiency Through State and…
continuous diagnostics and mitigation, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Elastic, Emerging Tech, Global Security News, Government, SolarWinds
How DHS is working to continually improve the Continuous Diagnostics and Mitigation program
Department of Homeland Security officials in charge of the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) have pushed the program to evolve from a compliance-focused initiative to a real-time threat detection and response platform. First launched in 2013, the program is now tracking approximately 6.5 million devices, which includes operational technology…
CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), cybersecurity harmonization, Cybersecurity Information Sharing Act, Global Security News, Government, House Homeland Security Committee, House Intelligence Committee, Policy, rand paul, regulation, Sean Plankey, Senate Homeland Security and Governmental Affairs Committee, Senate Intelligence Committee
Congress should re-up 2015 information-sharing law, top Hill staffer says
Congress needs to reauthorize an expiring law that provides legal protections to companies for sharing cyber threat information with the federal government and each other, the staff director for Democrats on the Senate Homeland Security and Governmental Affairs Committee said Wednesday. The 2015 Cybersecurity and Infrastructure Security Act is due to lapse at the end…
Action1, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Microsoft, Patch Tuesday, Rapid7, Threats, vulnerabilities, zero days
Microsoft patches 57 vulnerabilities, including 6 zero-days
Microsoft patched 57 vulnerabilities affecting its foundational systems and core products, including six actively exploited zero-day vulnerabilities, the company said in its latest security update Tuesday. Four of the six zero-days, which were all added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog, are high-severity on the CVSS scale. The software defects…
Armis, budget, CISA, Congress, cyber workforce, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), cybersecurity workforce, Department of Government Efficency, Department of Homeland Security (DHS), Emerging Tech, Global Security News, Government, government shutdown, Joe Biden, National Security Council, National Security Council (NSC), Policy, Trump Administration, Workforce
Amid personnel turmoil at cyber agencies, a government shutdown could increase potential harm
A potential government shutdown looms by the end of this week if Congress doesn’t pass legislation to keep funding the federal government, a development that could worsen problems cyber personnel and agencies are experiencing under the second Trump administration, experts say. Many cyber feds would likely be exempt from furloughs during a government shutdown, common…
CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Election Security, Global Security News, Government, Karen Evans, Sean Cairncross, Sean Plankey, Senate Homeland Security and Governmental Affairs Committee, Trump Administration, Workforce
Sean Plankey picked by Trump to be CISA director
President Donald Trump nominated Sean Plankey to head the Cybersecurity and Infrastructure Security Committee on Tuesday, the last major piece to fall into place for cybersecurity leadership in his administration. Plankey served in the first Trump administration, holding a few posts with cyber responsibilities. He was the principal deputy assistant secretary for the Energy Department’s…
Bennie Thompson, CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, House Homeland Security Committee, Jake Williams, Russia, Threats
DHS says CISA won’t stop looking at Russian cyber threats
The Department of Homeland Security said that its Cybersecurity and Infrastructure Security Agency will continue to pay attention to Russian cyber threats, contrary to media reports suggesting the opposite. The Guardian reported last week that a recent CISA memo setting out priorities for the agency didn’t list Russia among them, while including Chinese threats and…
Bennie Thompson, CISA, cyber workforce, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), cybersecurity workforce, Department of Government Efficency, Department of Homeland Security (DHS), Global Security News, grants, House Homeland Security Committee, Mark Green, PIVOTT Act, Policy, Trump Administration, Workforce
Cyber workforce legislation vote gives rise to partisan rift on House Homeland Security Committee
A partisan divide opened Wednesday over a bill to bolster the cyber workforce, legislation that earned unanimous support in the House Homeland Security Committee last year but that Democrats are now wary of under President Donald Trump. Under the legislation, students at technical schools and community colleges would receive scholarships in return for two years…
Alexei Bulazel, Asia Pacific, CISA, Congress, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Energy, Department of Energy (DOE), Eric Goldstein, Federal IT, Global Security News, Government, Jeff Greene, Karen Evans, National Cyber Director, National Security Council, National Security Council (NSC), NSC, office of management and budget, OMB, Sean Cairncross, Workforce
Karen Evans steps into a leading federal cyber position: executive assistant director for cybersecurity at CISA
Federal IT and cyber government veteran Karen Evans is the new executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency. It’s one of the most prominent cyber jobs in the federal government, previously held by Jeff Greene and Eric Goldstein. A description of the post on the CISA website says that the…
Bennie Thompson, CISA, Computer Fraud and Abuse Act (CFAA), crowdstrike, Cybersecurity, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Department of Homeland Security (DHS), fraud, Global Security News, House Homeland Security Committee, House Intelligence Committee, information sharing, information sharing and analysis centers (ISACs), Internet Security Alliance, Kemba Walden, Mark Green, Mark Warner, Policy, privacy, rand paul, Senate Homeland Security and Governmental Affairs Committee, Senate Intelligence Committee, SolarWinds
A major cybersecurity law is expiring soon — and advocates are prepping to push Congress for renewal
A push is gearing up to renew an expiring 10-year-old cybersecurity law that was viewed at its initial passage as the most significant cybersecurity legislation Congress had ever passed, and that advocates say now fosters several important threat-sharing initiatives. The 2015 Cybersecurity Information Sharing Act provides safeguards for companies that voluntarily share threat intelligence data…
AI, AI Cybersecurity, Commentary, Cybersecurity and Infrastructure Security Agency (CISA), Emerging Tech, Global Security News, Government, Joint Cyber Defense Collaborative (JCDC)
CISA’s AI cybersecurity playbook calls for greater collaboration, but trust is key to successful execution
As autonomous agents increasingly enter organizations, nation-state actors are turning to these AI-powered technologies to undermine our national security and critical infrastructures. As a result, today’s security teams need to be able to fight AI with AI, and understand the technology’s implications from both a defensive and offensive perspective. Similarly, our national defenses have to…
Cyber Safety Review Board, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, Government, Policy, Salt Typhoon
Purging cyber review board was ‘a great idea,’ DHS deputy secretary nominee says
Expelling all members of an independent federal cybersecurity advisory panel as it was investigating Salt Typhoon was necessary due to previous leadership and the board “going in the wrong direction,” President Donald Trump’s nominee for deputy secretary of the Department of Homeland Security said Tuesday. Troy Edgar, who is serving as a senior adviser to…
china, CISA, Cybersecurity and Infrastructure Security Agency (CISA), Department of Government Efficency, disinformation, Election Security, Elon Musk, Global Security News, Government, misinformation, Social Security Administration, Trump Administration, Twitter, Workforce
No, that’s not the acting head of the Social Security Administration. That’s a former CISA employee.
A longtime former employee of the Cybersecurity and Infrastructure Security Agency, an agency in the midst of curtailing its anti-misinformation and disinformation work under President Donald Trump, has found himself being misidentified online as a key figure in another Trump administration battle. On social media and in some news outlets, Ross Foard, a former CISA…
china, cisco, Cisco IOS XE, Cisco Talos, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Research, Salt Typhoon, telecommunications, Threat Intelligence, Threats
Salt Typhoon gained initial access to telecoms through Cisco devices
Salt Typhoon gained initial access to Cisco devices as part of the Chinese nation-state threat group’s sweeping attacks on U.S. telecom networks, the company confirmed Thursday in a threat intelligence report. Cisco Talos, the networking vendor’s threat intelligence unit, said it observed one instance where Salt Typhoon likely exploited a seven-year-old critical vulnerability in Cisco…
Asia Pacific, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), disinformation, Election Security, Global Security News, Government
CISA election, disinformation officials placed on administrative leave, sources say
The Cybersecurity and Infrastructure Security Agency placed several members of its election security group on administrative leave last week, multiple sources familiar with the situation told CyberScoop. According to one source, the moves happened Thursday and Friday of last week and were targeted at employees focused on CISA’s mis-, dis- and malinformation teams. The moves…
Amazon Web Services (AWS), cloud computing, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, open source, Research, S3 bucket, SSL, VPN gateway, watchTowr Labs
Here’s all the ways an abandoned cloud instance can cause security issues
There is a line of thought among the public that “the internet is forever.” A security company published research Tuesday that showed why “forever” can be a security nightmare. Over the course of four months, cybersecurity researchers at watchTowr monitored and ultimately took control of what they referred to as “abandoned” digital infrastructure, focusing on…
Bennie Thompson, Brandon Wales, china, CISA, Cyber Safety Review Board, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Department of Homeland Security (DHS), Global Security News, Government, House Homeland Security Committee, Jake Williams, JD Work, Kemba Walden, Kevin Beaumont, Mark Green, National Cyber Director, Paladin, Policy, Salt Typhoon, SentinelOne, telecommunications, Trump Administration
Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker
The top Democrat on the House Homeland Security Committee and a number of cyber professionals on Wednesday lamented the Trump administration’s decision to purge a cyber incident investigation board of its membership. But the move had some supporters, including the chairman of that same committee. Acting Department of Homeland Security Secretary Benjamine Huffman issued a…
Biden, Biden administration, Chris Krebs, CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), disinformation, Disinformation Governance Board, Donald Trump, Global Security News, Government, Joe Biden, Josh Hawley, Kristi Noem, rand paul, Ron Johnson, Sen. Ron Johnson, Senate Homeland Security and Governmental Affairs Committee, supreme court, Trump, Trump Administration, U.S. Supreme Court
Noem: No anti-disinformation, misinformation action under her as DHS secretary
Department of Homeland Security secretary nominee Kristi Noem committed to senators Friday that if confirmed she would keep the department out of efforts to combat disinformation and misinformation, and pledged to make the Cybersecurity and Infrastructure Security Agency “smaller, more nimble.” The South Dakota governor’s remarks signal that the incoming Trump administration will act on…
Asia Pacific, china, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), DARPA, Global Security News, nsa, Software
Closing software-understanding gap is critical to national security, CISA says
With Chinese-sponsored hackers lingering in the IT systems of various U.S. critical infrastructure networks, potentially imminent threats to the country’s national security abound. The Cybersecurity and Infrastructure Security Agency and federal partners hope to lessen that threat by closing a so-called “software understanding gap.” In a document released Thursday with the Defense Advanced Research Projects…
CDK Global, Commentary, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, MOVEit Transfer, resilience, Salt Typhoon, Volt Typhoon
Restoring U.S. cyber resilience: A blueprint for the new administration
As the incoming Trump administration prepares to take office, it confronts a critical juncture for cybersecurity. The escalating digital threats from state-sponsored adversaries like China, Iran, North Korea and Russia coincide with fractured global governance and a shifting domestic policy landscape. This moment presents a unique opportunity for the administration to establish itself as a…
AI, AI executive order, Artificial Intelligence, Bennie Thompson, Biden, Biden administration, Bob Kolasky, Center for Cybersecurity Policy and Law, Center for Democracy & Technology, Center for Democracy and Technology, Chris Inglis, CISA, cloud computing, contracting, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Donald Trump, Emerging Tech, encryption, fraud, Global Security News, Government, House Homeland Security Committee, Joe Biden, Mark Green, National Cyber Director, National Risk Management Center, National Security Council, National Security Council (NSC), Office of the National Cyber Director, operational technology, phishing, quantum computing, supply chain, supply chain security, Trump, Trump Administration
Biden cyber executive order gets mostly plaudits, but its fate is uncertain
A sweeping executive order on cybersecurity released Thursday won largely positive reviews, with the main question being its timing — and what will come of it with the executive branch set to be handed over from president to president. Chris Inglis, the former national cyber director for Joe Biden who has served under both Democrats…
Amazon Web Services (AWS), Asia Pacific, china, CISA, Congress, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Foundation for Defense of Democracies, Global Security News, Google, Government, Jack Cable, Microsoft, Policy, regulation, Salt Typhoon, secure by design, telecommunications, Treasury Department, Volt Typhoon
A CISA secure-by-design guru makes the case for the future of the initiative
One of the chief architects of the Cybersecurity and Infrastructure Security Agency campaign to get software developers to design their products with security in mind said he believes it could be one of the best tools the Trump administration has to counter China. Jack Cable, who is departing his role as senior technical adviser Thursday,…
AI, Artificial Intelligence (AI), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Global Security News, Joint Cyber Defense Collaborative (JCDC), North America, nsa
CISA’s AI cyber collaboration playbook aims to spur information-sharing
The Cybersecurity and Infrastructure Security Agency is making one last push before the change in administration for increased information sharing between the public and private sectors, releasing an artificial intelligence-focused playbook Tuesday that aims to foster “a unified approach” to handling AI-related cyber threats. The agency’s AI Cybersecurity Collaboration Playbook was developed with the FBI,…
Artificial Intelligence, Artificial Intelligence (AI), china, CISA, Commerce Department, critical infrastructure, Cybercrime, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Defense, Department of Defense (DOD), Dept of Commerce, DOD, Executive order, Global Security News, Government, North America, Policy, privacy, quantum computing, regulation
Second Biden cyber executive order directs agency action on fed security, AI, space
A draft cybersecurity executive order would tackle cyber defenses in locations ranging from outer space to the U.S. federal bureaucracy to its contractors, and address security risks embedded in subjects like cybercrime, artificial intelligence and quantum computers. The draft, a copy of which CyberScoop obtained, constitutes one big last stab at cybersecurity in the Biden…
critical infrastructure, cyber hygiene, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, vulnerabilities
CISA report touts cyber hygiene enrollment surge for critical infrastructure orgs
The Cybersecurity and Infrastructure Security Agency has seen a surge in its Cyber Hygiene (CyHy) service enrollment from critical infrastructure organizations over a two-year period, with the communications sector representing the biggest jump. In a report released Friday, CISA said an analysis of the 7,791 critical infrastructure organizations enrolled in the agency’s vulnerability scanning service…
Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), exploit, Exploits, Global Security News, ivanti, malware, Mandiant, SPAWN, UNC5221, UNC5337, vulnerabilities, zero days
New zero-day exploit targets Ivanti VPN product
A year after a series of vulnerabilities impacting a pair of Ivanti VPN products prompted an emergency directive from the Cybersecurity and Infrastructure Security Agency to federal agencies, the Utah-based software firm is again experiencing issues with one of its signature systems. The company on Wednesday disclosed two vulnerabilities — CVE-2025-0282 and CVE-2025-0283 — that…
Android, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), encrpytion, FIDO, Global Security News, Government, iPhone, Mobile Security, Multi-Factor Authentication (MFA), Salt Typhoon, signal, SIM Swapping, smartphone, Threats, Yubico
CISA pushes guide for high-value targets to secure mobile devices
The Cybersecurity and Infrastructure Security Agency unveiled a detailed set of guidelines Wednesday to safeguard the mobile communications of high-value government targets in the wake of the ongoing Salt Typhoon telecom breach. The guide aims to help both political and federal leadership harden their communications and avoid any data interception by the Chinese-linked espionage group.…
Asia Pacific, Cloud Security, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Microsoft 365, SCuBa
CISA delivers new directive to agencies on securing cloud environments
Federal civilian agencies have a new list of cyber-related requirements to address after the Cybersecurity and Infrastructure Security Agency on Tuesday issued guidance regarding the implementation of secure practices for cloud services. CISA’s Binding Operational Directive (BOD) 25-01 instructs agencies to identify all of its cloud instances and implement assessment tools, while also making sure…
CISA, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Government, grants, Harry Coker, Jen Easterly, National Cyber Director, National Cybersecurity Strategy, North America, NSM-22, Office of the National Cyber Director, Policy, secure by design, semiconductors
Playbook advises federal grant managers how to build cybersecurity into their programs
Two U.S. cyber agencies released guidance Tuesday on how federal grant managers should incorporate cybersecurity in their programs for critical infrastructure projects, as well as how potential recipients can take it into account. The Office of the National Cyber Director and the Cybersecurity and Infrastructure Security Agency publication — the “Playbook for Strengthening Cybersecurity in…
CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Joint Cyber Defense Collaborative (JCDC), National Cyber Incident Response Plan, ODNI, ONCD
CISA pitches updated cyber incident response plan as an ‘agile, actionable’ framework
The Cybersecurity and Infrastructure Security Agency on Monday opened a month-long public comment period for its updated draft plan detailing how the public and private sectors should respond to significant cyber incidents. The revamped National Cyber Incident Response Plan — an effort from CISA, the agency’s Joint Cyber Defense Collaborative and the Office of the…
atlantic council, Ben Ray Lujan, budget, CALEA, china, CISA, Congress, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), FCC, Federal Bureau of Investigation (FBI), Federal Communications Commission, Geopolitics, Global Security News, Government, Jerry Moran, Jessica Rosenworcel, John Thune, Justin Sherman, Money, National Defense Authorization Act, NDAA, Policy, regulation, Salt Typhoon, Senate Commerce Committee, Technology, Ted Cruz, telecommunications, telecoms
Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches
The $3 billion that Congress folded into the annual defense policy bill to remove Chinese-made telecommunications technology from U.S. networks would be a huge start to defending against breaches like the Salt Typhoon espionage campaign, senators and hearing witnesses said Wednesday. Federal Communications Commission Chairwoman Jessica Rosenworcel recently told Hill leaders that the $1.9 billion…