CISA

Third-party contractor software exploited in attack on HHS data

An official with the Department of Health and Human Services said attackers gained access to data by exploiting a major vulnerability found in the popular MOVEit file transfer service.

  • By Chris Riotta

Critical cyber threats persist on federal networks despite recent directives

Hundreds of devices on federal networks remain in apparent violation of a recent Binding Operational Directive from the Cybersecurity and Infrastructure Security Agency, according to a new report. 

  • By Chris Riotta

No 'systemic risk' to government networks from latest breach, CISA says

The nation’s cyber defense agency confirmed it was providing assistance to several federal agencies that have been impacted in an apparent global cyberattack.

  • By Chris Riotta

CISA's new directive targets devices that can be configured over public internet 

The nation’s cyber defense agency is requiring all federal civilian agencies to remove such devices from their networks. 

  • By Chris Riotta

Federal vision to streamline cyber incident reporting expected this summer

The Cyber Incident Reporting Council will issue a report to Congress "in the next month or two" with recommendations on ways to achieve harmony across a complex network of federal cyber mandates. 

  • By Chris Riotta

CISA is growing up, CIO says

CISA's Bob Costello talks top priorities, challenges and growing pains and progress for a CIO office in a relatively young federal agency.

  • By Natalie Alms

CISA: 'Multiple threat actors' used old exploit to access federal agency servers

At least two groups tried to exploit the vulnerability to get deeper into the agency’s networks, including a Vietnamese criminal gang.

  • By Aaron Boyd

CISA teases industry day for operational strategy support

The cybersecurity agency is planning to field a multiple award schedule contract for consultant services to help shape its operational strategy.

  • By Carten Cordell

White House looks to shore up public trust in government websites

Federal agencies need to use 'memorable' and succinct domain names for government websites, per guidance issued on Wednesday.

  • By Chris Riotta

Hackers used legit remote monitoring software to hack agency networks

Guidance from the National Security Agency and the Cybersecurity and Infrastructure Security Agency describe a phishing attack on a federal employee that used fake help desk domains to gain access to at least two federal civilian executive branch networks.

  • By Carten Cordell

CISA, NSA and industry outline security responsibilities of software suppliers

New guidance from the federal agencies—and major companies serving the government—tries to distinguish between the security duties of software developers, suppliers and consumers.

  • By Mariam Baksh

CDM team helped define cyber directives

Governmentwide cyber hygiene orders are increasingly taking into account the capabilities of Continuous Diagnostics and Mitigation tools.

  • By Adam Mazmanian

CISA sets voluntary cyber performance targets for critical infrastructure

A new set of documents and resources from the agency is designed to help critical infrastructure operators manage the basics of cybersecurity.

  • By Chris Riotta

CISA seeks feedback on baseline measures to secure cloud configuration

Initial baselines address Microsoft services, and baselines for configuring rival services from Google are up next. 

  • By Mariam Baksh
Featured eBooks

CISA orders agencies to conduct weekly scans of networks and digital assets

The Cybersecurity and Infrastructure Security Agency is taking a major step towards increasing its visibility into the risks facing federal networks.

  • By Chris Riotta

CISA launches DNS resolution shared service

The nation's cyber defense agency is launching a new shared service offering for all federal civilian agencies to bolster governmentwide cybersecurity and help thwart emerging internet traffic threats.

  • By Chris Riotta

CISA warns critical infrastructure to prepare for mass post-quantum systems migration

Quantum computing is the latest frontier in technological innovation, and its hacking potential has regulators advising companies to begin to safeguard their networks. 

  • By Alexandra Kelley

CISA's cyber info sharing program didn't always deliver, watchdog says

The Cybersecurity and Infrastructure Security Agency did not always provide more than 300 participants of a public-private cyber threat partnership with actionable information to address potential vulnerabilities, according to an oversight report.

  • By Chris Riotta

Cyber Safety Review Board staffs up

The chair of the Cyber Safety Review Board has ambitious goals for the organization following its public review of the Log4j software vulnerability.

  • By Chris Riotta

Former CISA chief wants a new, cross-cutting new agency to lead federal cyber

Chris Krebs wants to establish a new agency to focus on privacy, data and cyber risks facing the U.S., or to pull the Cybersecurity and Infrastructure Security Agency from under the Department of Homeland Security.

  • By Chris Riotta

Misinformation campaigns and threats are undermining confidence in U.S. elections, official says

CISA is ramping up efforts to defend voting systems from outside intrusion, but the spread of online misinformation and threats against election officials still damage faith in the electoral process.

  • By Edward Graham