Cyber

“Hack the Army 3.0” is taking place from January 6 to February 17. It is an invitation-only bug-hunting contest conducted by the Defense Digital Service in cooperation with cybersecurity platform HackerOne, involving both military and civilian hackers (though only civilians are eligible for cash prizes). In the previous Hack the Army program, which ran in […]

On December 16, 2020, the German Federal Government passed a draft law that substantially amends some of Germany’s information technology laws (“IT laws”). These amendments aim to adapt the current legal framework to the increasing digitalization of products and services, the proliferation of IoT products, and the appearance of new cybersecurity threats. The draft law […]

The General Services Administration is developing the Vendor Risk Assessment Program: a tool to “identify, assess and monitor supply chain risks of critical vendors.”...

Senator Mark Warner (D-VA), imminent chair of the Senate Intelligence Committee, has accused the White House of diluting the federal government’s identification of Russia as the likely perpetrators of the SolarWinds breach. An inside source says that the earlier drafts of the White House statement did not qualify the attribution to Russia as only “likely,” […]

The U.S. Federal Judiciary announced new safeguards and procedures to protect sensitive court records in light of a recent apparent cybersecurity breach. Last month, the Department of Homeland Security issued an emergency directive regarding the compromise involving SolarWinds Orion products. The judiciary was notified of this issue by the Administrative Office of the U.S. Courts, […]

The National Security Agency has released guidance on how federal agencies and contractors should replace obsolete protocols for encrypting network traffic. NSA recommends that organizations discontinue use of SSL (any version), TLS 1.0, and TLS 1.1, and only use TLS 1.2 or TLS 1.3. It has released a free detection tool for identifying obsolete versions. […]

Les Buday of the CMMC Advisory Body offers advice for small business owners who work for the Defense Department or hope to. “You have some digital hygiene to do – NOW,” he says. Buday offers advice to consider when looking for an advisor to support getting an organization certified. “There is no better time than […]

The Cybersecurity and Infrastructure Security Agency has evidence that trojanized SolarWinds software isn’t the only way these particular hackers have been getting access to the federal government’s networks. Other methods include “password guessing, password spraying, and inappropriately secured administrative credentials,” according to a new CISA alert. Threat actors abusing Security Assertion Markup Language tokens – […]

Just in case your office or company is in the process of compiling a “to-do” list for 2021, here is one item that should have your full attention. On January 5, 2021, an amendment to the HITECH Act (H.R.7898) was signed into law requiring the U.S. Department of Health and Human Services “to consider certain […]

The Australian Cyber Security Center has published a guide on identifying cyber supply chain risks in suppliers, manufacturers, distributors and retailers. A key area flagged is foreign control, influence, and interference, and suggests a questionnaire for the suppliers which includes the following questions: What access might a foreign government gain in controlling or interfering with […]