The Cybersecurity and Infrastructure Security Agency said it has detected malware from an advanced persistent threat that had been compromising an entity’s enterprise network since at least March 2020. Dubbed Supernova, the web shell malware exploited vulnerabilities in a Pulse Secure virtual private network device before moving laterally to the affected organization’s SolarWinds Orion server, […]
The Department of the Treasury has issued a notice of proposed contract action to procure cybersecurity assessment services from a small business. The vendor would provide systems security services support and enhance the mission assurance posture of the Treasury Department’s Office of Inspector General, according to the notice posted on SAM .gov. Under the terms […]
The Cybersecurity and Infrastructure Security Agency has released an emergency directive in response to the active exploitation of vulnerabilities in certain Pulse Connect Secure products that could allow remote code execution. ED 21-03 instructs affected agencies to mitigate any anomalous activity or active network exploitation by using the Pulse Connect Secure Integrity Tool. The solution […]
Adm. Charles Richard, commander of the U.S. Strategic Command, has expressed confidence in the cyber resilience of the country’s nuclear command, control and communications network, which links the president to commanders of nuclear forces. Speaking before members of the Senate Armed Services Committee, Richard said the NC3 network exists in relative isolation and has tremendous […]
The Missile Defense Agency has completed an on-site cybersecurity assessment of Trident Systems. The evaluation is part of a new directive requiring defense contractors to undergo an in-depth assessment of how well they are implementing the National Institute of Standards and Technology Special Publication 800-171, “Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations.” […]
The Department of Defense has designated Carahsoft’s blanket purchase agreement for Splunk solutions as a Core Enterprise Technology Agreement. As a CETA, Carahsoft’s purchasing vehicle is now mandatory for all DOD customers who want to acquire Splunk products and services. Carahsoft is the second vendor to have ever received the CETA designation. The first was […]
Applied Insight, a government technology provider, has announced an update for its cloud-based platform designed to help defense contractors comply with Cybersecurity Maturity Model Certification requirements. The Altitude platform’s new features will allow it to serve as a plug-and-play compliance solution for federal contractors working with the Department of Defense, Applied Insight said. “We can […]
David McKeown, the Department of Defense’s chief information security officer, said he wants to establish an office responsible for accelerating the agency’s adoption of zero trust. A zero trust security model operates as if a threat has already breached the perimeter and limits access to information for even users on the inside. McKeown told the […]
The House of Representatives is scheduled to vote on a bipartisan bill that aims to improve the country’s ability to prevent and respond to cyberattacks. Once enacted, the Cyber Diplomacy Act would require the establishment of a new Office of Cyber Issues within the Department of State. The proposed legislation also calls for the appointment […]
The Employee Benefits Security Administration within the Department of Labor has released new cybersecurity guidance to protect American workers’ retirement benefits and personal information. The guidance seeks to keep defined benefit plan participants in private pension plans and defined contribution plan participants safe from both internal and external cybersecurity threats, the DOL said. It comes […]
