Found 228 bookmarks
Custom sorting
DOGE as a National Cyberattack
DOGE as a National Cyberattack
In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications for national security are profound. First, it was reported that people associated with the newly created Department of Government Efficiency (DOGE) had accessed the US Treasury computer system, giving them the ability to collect data on and potentially control the department’s roughly ...
#schneier#EN#2025#DOGE#Cyberattack#US
·schneier.com·
DOGE as a National Cyberattack
U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, Per First-Ever Report
U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, Per First-Ever Report
In a first-of-its-kind report, the US government has revealed that it disclosed 39 zero-day software vulnerabilities to vendors or the public in 2023 for the purpose of getting the vulnerabilities patched or mitigated, as opposed to retaining them to use in hacking operations. It’s the first time the government has revealed specific numbers about its controversial Vulnerabilities Equities Process (VEP) — the process it uses to adjudicate decisions about whether zero-day vulnerabilities it discovers should be kept secret so law enforcement, intelligence agencies, and the military can exploit them in hacking operations or be disclosed to vendors to fix them. Zero-day vulnerabilities are security holes in software that are unknown to the software maker and are therefore unpatched at the time of discovery, making systems that use the software at risk of being hacked by anyone who discovers the flaw.
#zetter-zeroday#EN#2025#US#zero-day#disclose#VEP#Vulnerabilities#Report
·zetter-zeroday.com·
U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, Per First-Ever Report
OpenAI launches ChatGPT Gov for U.S. government agencies
OpenAI launches ChatGPT Gov for U.S. government agencies
OpenAI on Tuesday announced the launch of ChatGPT for government agencies in the U.S. ...It allows government agencies, as customers, to feed “non-public, sensitive information” into OpenAI’s models while operating within their own secure hosting environments, OpenAI CPO Kevin Weil told reporters during a briefing Monday.
#cnbc#EN#2025#US#OpenAI#ChatGPT#government#sensitive#information
·cnbc.com·
OpenAI launches ChatGPT Gov for U.S. government agencies
Chinese hackers breached US government office that assesses foreign investments for national security risks
Chinese hackers breached US government office that assesses foreign investments for national security risks
Chinese hackers breached the US government office that reviews foreign investments for national security risks, three US officials familiar with the matter told CNN. The theft, which has not previously been reported, underscores Beijing’s keen interest in spying on a US government office that has broad powers to block Chinese investment in the US as tensions between the world’s two superpowers remain high. The breach was part of a broader incursion by the hackers into the Treasury Department’s unclassified system. The office targeted by the hackers, the Committee on Foreign Investment in the US (CFIUS), in December gained greater authority to scrutinize real estate sales near US military bases. US lawmakers and national security officials have grown increasingly worried that the Chinese government or its proxies could use land acquisitions to spy on those bases.
#cnn#EN#2025#US#government#China#breach#foreign#investments#CFIUS
·edition.cnn.com·
Chinese hackers breached US government office that assesses foreign investments for national security risks
China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says
China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says
The department notified lawmakers of the episode, which it said was linked to a state-sponsored actor in China. In a letter informing lawmakers of the episode, the Treasury Department said that it had been notified on Dec. 8 by a third-party software service company, BeyondTrust, that the hacker had obtained a security key that allowed it to remotely gain access to certain Treasury workstations and documents on them
#nytimes#EN#2024#US#Treasury#Breach#BeyondTrust#attribution#China#Hacked
·nytimes.com·
China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says
US Treasury says China accessed government documents in 'major' cyberattack
US Treasury says China accessed government documents in 'major' cyberattack
Treasury officials attributed the December theft of unclassified documents to China. The Treasury said it was notified on December 8 by BeyondTrust, a company that provides identity access and remote support tech for large organizations and government departments, that hackers had “gained access to a key used by the vendor” for providing remote access technical support to Treasury employees. BeyondTrust disclosed the incident at the time, but did not say how the key was obtained.
#techcrunch#EN#2024#US#Treasury#China#BeyondTrust#cyberattack#attribution
·techcrunch.com·
US Treasury says China accessed government documents in 'major' cyberattack
At least 8 US telcos, dozens of countries impacted by Salt Typhoon breaches, White House says | The Record from Recorded Future News
At least 8 US telcos, dozens of countries impacted by Salt Typhoon breaches, White House says | The Record from Recorded Future News
Senators briefed on the wide-ranging breaches by Chinese hackers called for action on Wednesday to protect the country's telecommunications networks.
#therecord.media#EN#2024#telcos#US#Salt-Typhoon#China#breaches
·therecord.media·
At least 8 US telcos, dozens of countries impacted by Salt Typhoon breaches, White House says | The Record from Recorded Future News
Office of Public Affairs | Phobos Ransomware Administrator Extradited from South Korea to Face Cybercrime Charge
Office of Public Affairs | Phobos Ransomware Administrator Extradited from South Korea to Face Cybercrime Charge
The Justice Department unsealed criminal charges today against Evgenii Ptitsyn, 42, a Russian national, for allegedly administering the sale, distribution, and operation of Phobos ransomware.
#justice.gov#US#2024#EN#Phobos#Ransomware#Administrator#Extradited
·justice.gov·
Office of Public Affairs | Phobos Ransomware Administrator Extradited from South Korea to Face Cybercrime Charge
The story behind HISAA
The story behind HISAA
Health care breaches lead to legislation Highlights of the new standard include: Performing and documenting a security risk analysis of exposure Documentation of a business continuity plan (BCP) Stress test of resiliency and documentation of any planned changes to the BCP A signed statement by both the CEO and CISO of compliance * A third-party audit to certify compliance (no later than six months after enactment)
#theregister#EN#2024#HISAA#standard#legal#US#health#legislation
·theregister.com·
The story behind HISAA
Lynx Ransomware: A Rebranding of INC Ransomware
Lynx Ransomware: A Rebranding of INC Ransomware
Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics. Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics.
#paloaltonetworks#EN#2024#Lynx#Ransomware#INC#US#UK#analysis
·unit42.paloaltonetworks.com·
Lynx Ransomware: A Rebranding of INC Ransomware