![](https://webcf.waybackmachine.org/web/20211026110024im_/https://sites.breakingmedia.com/uploads/sites/3/2021/10/LMXT_F-22-150x150.jpg)
![](https://webcf.waybackmachine.org/web/20211026110024im_/https://sites.breakingmedia.com/uploads/sites/3/2021/09/Header_CUAS_SponCon_1200x640-300x160.jpg)
New campaign is evidence “Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling — now or in the future — targets of interest to the Russian government,” researchers say.
By Lee FerranSign up and get the latest news in your inbox.
We will never sell or share your information without your consent. See our privacy policy.“I have a mantra of ‘I want to kill to the [Common Access Card] as the primary authentication mechanism for the department’,” Lt. Gen. Robert Skinner said. “Industry has better authentication, and it’s not just two-factor, it’s truly multi-factor authentication.”
By Brad D. Williams“We aim to convey that, ‘Hello, we are from the government, and we’re here to help’ is not a scary idea,” the general joked, alluding to a famous quote by former President Reagan.
By Brad D. Williams“Academics will sit back and say, ‘Well, if you just did that and that and that, you would have avoided it.’ But if there’s no way to impose risk or consequences for [threat actors] doing it, your day is coming,” Mandia said.
By Brad D. Williams“It’s part of a larger diplomatic strategy,” cyber policy expert James Lewis said of the US attribution to China for Microsoft Exchange hacks earlier this year.
By Brad D. WilliamsThe Exchange campaign attribution will also provide hints about the role of the first national cyber director in such incidents. NSA veteran Chris Inglis was confirmed for the position just weeks ago.
By Brad D. WilliamsSen. Warner’s draft legislation, long expected, marks one of the first attempts to create a federal law mandating cyber incident reporting by some entities. Notably, the bill provides reporting entities with a degree of privacy and legal protection.
By Brad D. WilliamsThe cyber executive order “properly emphasizes” information sharing. Sens. Peters and Portman float updating FISMA. FERC calls for mandatory pipeline cyber standards. Report says vulnerable Exchange Server “most likely culprit” at Colonial. FireEye details DarkSide’s business ops.
By Brad D. Williams“It reflects a fundamental shift in our mindset — from incident response to prevention, from talking about security to doing security,” a senior administration official says.
By Brad D. WilliamsZero-trust security “is not one single product that one can purchase off the shelf,” a NIST scientist observes. But underlying zero trust’s many component parts are a few critical elements, including identity and automation.
By Brad D. WilliamsThe patch secures a zero-day vulnerability disclosed last month and is just one of four vulnerabilities being actively exploited in Pulse Connect Secure.
By Brad D. Williams“We are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly,” CISA’s deputy executive assistant director told Breaking Defense.
By Brad D. Williams“My hope is that we can create this structure… to get an early warning system,” the Senate Intel Committee chair said. “Voluntary sharing is no longer effective.”
By Brad D. WilliamsThreat actors are targeting one newly discovered and three previously known vulnerabilities in Pulse Connect Secure enterprise VPNs, according to a CISA emergency directive and alert, as well as blog posts by FireEye and Ivanti. “There is no indication the identified backdoors were introduced through a supply chain compromise of the company’s network or software deployment process,” FireEye noted.
By Brad D. Williams