Security News
Out of eight U.S. federal agencies identified two years ago with critical cybersecurity failures, seven still don't meet basic standards, a new audit report found. "Inspectors general identified many of the same issues that have plagued Federal agencies for more than a decade. Seven agencies made minimal improvements and only DHS managed to employ an effective cybersecurity regime for 2020."
DEF CON's "Spot the Fed" game is going to be a little easier than usual this year: the head of the US government's Homeland Security is giving a keynote. As a main stage speaker this year I can't say I'm terribly excited to be sharing a stage with this man.
A GAO report finds government agencies are using the technology regularly in criminal investigations and to identify travelers, but need stricter management to protect people's privacy and avoid inaccurate identification. Though the federal government uses facial recognition widely, from criminal investigations to collecting traveler data, this use is largely unmonitored and unmanaged, a situation that must change to protect people's privacy and avoid inaccurate identification of perpetrators, a government watchdog report has found.
In a huge sting operation, the U.S. Federal Bureau of Investigation and Australian Federal Police ran an "encrypted chat" service called ANoM for almost 3 years to intercept 27 million messages between criminal gang members globally. "For almost three years, the AFP and the FBI have monitored criminals' encrypted communications over a Dedicated Encrypted Communications Platform," AFP said.
The U.S. Department of Justice was able to trace and recover around half of the ransom payment sent to DarkSide by Colonial Pipeline. On Monday, the U.S. Department of Justice revealed that it had managed to recover part of the ransom paid by Colonial Pipeline to its DarkSide attackers.
Uncle Sam on Tuesday said it had seized two web domains used to foist malware on victims using spoofed emails from the US Agency for International Development. The malicious messages, masquerading as legitimate emails from USAID, went out to thousands of email accounts at over a hundred different organizations.
Federal law enforcement in Maryland has shut down a fraudulent website targeting immigrant communities that claimed to be for a company developing a COVID-19 vaccine. The U.S. Attorney's Office for the District of Maryland, working with Homeland Security Investigations in Baltimore, seized "Freevaccinecovax.org," "which purported to be the website of an actual biotechnology company developing a vaccine for the COVID-19 virus," according to a release on the office's website posted earlier this week.
Federal Reserve chairman Jerome Powell said he was more worried about the risk of a large-scale cyberattack than another financial crisis like that of 2008. The risks of a 2008-like crisis with a need for government bailouts of banks were "very, very low," the head of the US central bank said during an interview aired Sunday on CBS's "60 Minutes."
The FBI has issued a warning about an uptick in cyberattacks on the education sector that are delivering the PYSA ransomware. In a "Flash" alert to the cybersecurity community issued on Tuesday, the Feds said that PYSA has been seen in attacks on schools in 12 U.S. states and in the United Kingdom in March alone.
To kick off, there's CVE-2021-22987, which scores a 9.9 on the ten-point CVSS scale of severity as it "allows authenticated users with network access to the Configuration utility, through the BIG-IP management port, or self IP addresses, to execute arbitrary system commands, create or delete files, or disable services." Administrators are advised the flaw allows "complete system compromise and breakout of Appliance mode." Note that this can only be exploited via the control plane, and it does require an attacker to have a valid login, so a rogue insider or someone using stolen credentials, perhaps. At a mere 9.8 rating, CVE-2021-22986 "allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services." Complete system compromise is again a possible consequence.