The Department of Homeland Security has established a bug bounty program to encourage ethical hackers to probe its systems for vulnerabilities. DHS Secretary Alejandro Mayorkas told attendees at the Bloomberg Technology Summit that the Hack DHS initiative would offer $500 to $5,000 in rewards for hackers depending on the severity of flaws that they spot […]
A member of the Cybersecurity and Infrastructure Security Agency‘s new advisory committee said cloud service providers should not be allowed to charge the government extra for baseline security features that are expected of them in the first place. Alex Stamos, who is also a partner at the Krebs Stamos Group, added that it is “immoral” […]
The Cybersecurity and Infrastructure Security Agency has given federal agencies until Dec. 24 to apply fixes to the Apache Log4Shell system security flaw. The deadline follows CISA’s addition of the vulnerability to its critical remote code execution flaw catalog on Monday. The issue was spotted on Dec. 9 in remote code compromises against the servers […]
Officials from the Department of Homeland Security are asking the Cybersecurity Advisory Committee to propose solutions to help address cyberattacks. During a three-hour meeting on Friday, Cybersecurity and Infrastructure Security Agency Director Jen Easterly said the committee should come up with short papers that contain recommendations on how to implement cyber defense tactics. She pointed […]
A new Government Accountability Office report noted that the National Institutes of Health had not fully implemented cybersecurity recommendations to resolve system control deficiencies. The report is the public version of a June 2021 limited, official-use-only document detailing the NIH’s struggles on four core security functions: identifying risks, protecting systems from threats and vulnerabilities, detecting […]
Chainalysis, a blockchain data platform company, will provide the data and tools that stock trading platform Robinhood needs to launch its crypto wallet. Robinhood said it will use Chainalysis’ monitoring compliance solution, investigation software and certification programs to help meet regulatory requirements. The crypto wallet is expected to be released to all Robinhood users in […]
Cybersecurity officials and executives have issued warnings about a critical vulnerability in an Apache logging framework that could let an attacker remotely take control of a system. The Cybersecurity and Infrastructure Security Agency said the flaw affects versions 2.0-beta9 to 2.14.1 of the Log4j framework, an open-source, Java-based logging tool used for enterprise applications and […]
The National Institute of Standards and Technology is preparing to update its federal cybersecurity policy through a request for information that is expected to be issued in early 2022. Kevin Stine, chief of the applied cybersecurity division at NIST’s Information Technology Laboratory, said during an agency meeting that officials want to update the Cybersecurity Framework […]
The Government Accountability Office said in a new report that the Department of Defense failed to develop plans for an effective pilot phase of the Cybersecurity Maturity Model Certification program and that it left out industry on key implementation details. According to the report, the DOD’s plans to assess portions of the five-year CMMC implementation […]
CACI International announced that it has signed a memorandum of understanding with Yubico establishing the latter company as the exclusive provider of multi-factor authentication solutions in support of the former firm’s trusted mobile platforms. Under the deal, Palo Alto-based Yubico will provide its YubiKey 5 FIPS Series products for enhanced security and authentication protocols, CACI […]
