Friday, January 22, 2021


Army’s Third, Invitation-Only Bug-Hunting Program Underway

“Hack the Army 3.0” is taking place from January 6 to February 17. It is an invitation-only bug-hunting contest conducted by the Defense Digital Service in cooperation with cybersecurity platform HackerOne, involving both military and civilian hackers (though only civilians are eligible for cash prizes). In the previous Hack the Army program, which ran in […]

German Federal Government Passed a Draft Law Amending Germany’s Information Technology Laws

On December 16, 2020, the German Federal Government passed a draft law that substantially amends some of Germany’s information technology laws (“IT laws”). These amendments aim to adapt the current legal framework to the increasing digitalization of products and services, the proliferation of IoT products, and the appearance of new cybersecurity threats. The draft law […]

GSA Solicits Feedback on Supply Chain Risk Management Program

The General Services Administration is developing the Vendor Risk Assessment Program: a tool to “identify, assess and monitor supply chain risks of critical vendors.”...

Senator Mark Warner Says White House “Watered Down” Attribution of SolarWinds Hack to Russia

Senator Mark Warner (D-VA), imminent chair of the Senate Intelligence Committee, has accused the White House of diluting the federal government’s identification of Russia as the likely perpetrator of the SolarWinds breach. An inside source says that the earlier drafts of the White House statement did not qualify the attribution to Russia as only “likely,” […]

Federal Judiciary Responds to SolarWinds with Cybersecurity Safeguards

The U.S. Federal Judiciary announced new safeguards and procedures to protect sensitive court records in light of a recent apparent cybersecurity breach. Last month, the Department of Homeland Security issued an emergency directive regarding the compromise involving SolarWinds Orion products. The judiciary was notified of this issue by the Administrative Office of the U.S. Courts, […]

NSA Gives Guidance on Upgrading from Obsolete Encryption Protocols

The National Security Agency has released guidance on how federal agencies and contractors should replace obsolete protocols for encrypting network traffic. NSA recommends that organizations discontinue use of SSL (any version), TLS 1.0, and TLS 1.1, and only use TLS 1.2 or TLS 1.3. It has released a free detection tool for identifying obsolete versions. […]

CMMC Advisory Body Offers Advice for Small Defense Contractors

Les Buday of the CMMC Advisory Body offers advice for small business owners who work for the Defense Department or hope to. “You have some digital hygiene to do – NOW,” he says. Buday offers advice to consider when looking for an advisor to support getting an organization certified. “There is no better time than […]

CISA Warns that SolarWinds Hackers Also Breaching Networks Using Passwords, Other Techniques

The Cybersecurity and Infrastructure Security Agency has evidence that trojanized SolarWinds software isn’t the only way these particular hackers have been getting access to the federal government’s networks. Other methods include “password guessing, password spraying, and inappropriately secured administrative credentials,” according to a new CISA alert. Threat actors abusing Security Assertion Markup Language tokens – […]

Amendment to HITECH Act Incentivizes Security with Possible Fine Reductions

Just in case your office or company is in the process of compiling a “to-do” list for 2021, here is one item that should have your full attention. On January 5, 2021, an amendment to the HITECH Act (H.R.7898) was signed into law requiring the U.S. Department of Health and Human Services “to consider certain […]

Australian Cyber Security Center Guide to Identifying Supply Chain Cybersecurity Risks

The Australian Cyber Security Center has published a guide on identifying cyber supply chain risks in suppliers, manufacturers, distributors and retailers. A key area flagged is foreign control, influence, and interference, and the guide suggests a questionnaire for suppliers that includes the following questions: What access might a foreign government gain in controlling or interfering with […]