Security News

A hole in a Department of Defense email server operated by Microsoft left more than a terabyte of sensitive data exposed less than a month after Office 365 was awarded a higher level of US government security accreditation. According to security researcher Anurag Sen, who discovered the issue and shared it, the openly accessible server was part of an internal mailbox system hosted on Azure Government Cloud and used by the DoD for a variety of purposes - including the processing of security clearance paperwork.

The Measure & Share Storage Virtual Fabric addresses a specific and critical need within the DoD to improve the efficiency and effectiveness of cyber testing, allowing accurate information sharing across organizational and classification enclaves. The Me&S Storage Virtual Fabric will enable the DoD to securely ingest, store, manage, analyze and share data in support of its cyber testing operations.

The NSA has has published criteria for evaluating levels of assurance required for DoD microelectronics. The introductory report in a DoD microelectronics series outlines the process for determining levels of hardware assurance for systems and custom microelectronic components, which include application-specific integrated circuits, field programmable gate arrays and other devices containing reprogrammable digital logic.

The U.S. Department of Justice has announced the conviction of Sercan Oyuntur, 40, resident of California, for multiple counts relating to a phishing operation that caused $23.5 million in damages to the U.S. Department of Defense. After an eight-day trial in Camden, California, Oyuntur was found guilty of conspiracy to commit wire, mail, and bank fraud, unauthorized device access, aggravated identity theft, and making false statements to federal law enforcement officers.

A US Department of Defense staffer with top-secret clearance stole the identities of dozens of people from a work IT system to fraudulently apply for loans totaling nearly a quarter of a million dollars. Lee, who worked for Uncle Sam's Defense Contract Management Agency as an analyst, raided the organization's Microsoft SharePoint system for people's private data to pull off his greedy scheme.

Sarcos Defense and BAE Systems announced that the companies are partnering to develop advanced perception and sensing capabilities for autonomous platforms for Air Force Research Laboratory, to benefit Department of Defense operations. This platform will aim to address the complex issues that involve the coordination of both individual and multiple cooperating heterogeneous autonomous platforms, including unmanned aircraft systems and unmanned ground vehicles equipped with standard multi-modal sensors, such as cameras, radar, and LiDAR. The expected result will coalesce multiple environmental inputs and combine with artificial intelligence and machine learning technologies to enable unmanned systems to work together in greater harmony, both alone and coordinating with each other in "Swarm" scenarios.

announced that its healthcare security and cloud security certifications have been approved by the U.S. Department of Defense as prerequisites of employment for certain security workforce categories. Following approval by the DoD Senior Information Security Officer and a recommendation by the Cyber Workforce Advisory Group Certification Committee, the HealthCare Information Security and Privacy Practitioner and the Certified Cloud Security Professional certifications are the latest additions to the DoD 8570 Approved Baseline Certifications table that is publicly available on the DoD Cyber Exchange website.

Booz Allen Hamilton was awarded a 5-year, $674M contract by the General Services Administration to maintain and support the exponential growth of the Department of Defense's Advana data analytics platform to improve decision making across the organization. Advana, led by the Office of the Under Secretary of Defense, integrates hundreds of business systems across the DoD - from financial and medical data to personnel and logistics - to make data widely accessible, understandable and usable.

While the CMMC doesn't completely replace the National Institute of Standards and Technology SP 800-171, it does include and build on these standards for a clear purpose. Enter the CMMC. With this new regulation, the DoD establishes five levels of cybersecurity preparedness, ranging from level one to level five.

The United States Department of Defense this week announced an expansion of the scope of its vulnerability disclosure program to include all of its publicly accessible information systems. The program has been running on HackerOne since 2016 when the DOD's Hack the Pentagon initiative was launched and provides security researchers with means to engage with the DOD when they identify vulnerabilities in the department's public-facing websites and applications.