Pipeline Hack Points to Growing Cybersecurity Risk for Energy System

Energy infrastructure has increasingly come under assault, and analysts said the attack that cut off fuel supplies this week should be a “wake-up call.”

#colonial-pipeline-co, #computer-security, #cyberattacks-and-hackers, #cybersecurity-and-infrastructure-security-agency, #extortion-and-blackmail, #global-warming, #greenhouse-gas-emissions, #oil-petroleum-and-gasoline, #pipelines

Biden Names Chris Inglis to Be First National Cyber Director

Chris Inglis will be nominated to the new post as the president fills out his cybersecurity team and the U.S. considers responses to recent attacks.

#biden-joseph-r-jr, #computer-security, #computers-and-the-internet, #cybersecurity-and-infrastructure-security-agency, #cyberwarfare-and-defense, #easterly-jen, #homeland-security-department, #inglis-chris, #national-security-agency, #silvers-robert, #solarwinds, #united-states-cyber-command, #united-states-defense-and-military-forces, #united-states-politics-and-government, #us-federal-government-data-breach-2020

As Understanding of Russian Hacking Grows, So Does Alarm

Those behind the widespread intrusion into government and corporate networks exploited seams in U.S. defenses and gave away nothing to American monitoring of their systems.

#amazon-com-inc, #biden-joseph-r-jr, #computers-and-the-internet, #crowdstrike-inc, #cybersecurity-and-infrastructure-security-agency, #cyberwarfare-and-defense, #defense-department, #fireeye-inc, #foreign-intelligence-service-russia, #homeland-security-department, #microsoft-corp, #nakasone-paul-m, #national-security-agency, #solarwinds, #spaulding-suzanne-e, #state-department, #trump-donald-j, #united-states-international-relations, #us-federal-government-data-breach-2020, #warner-mark-r

Bill That Trump Is Vowing to Veto Strengthens Hacking Defenses, Lawmakers Say

Additional powers to actively hunt down hackers across federal agencies could have given the government more of a chance to detect the recent Russia hack more quickly, they said.

#computer-security, #cybersecurity-and-infrastructure-security-agency, #cyberwarfare-and-defense, #espionage-and-intelligence-services, #gallagher-mike, #house-of-representatives, #king-angus-jr, #law-and-legislation, #senate, #solarwinds, #trump-donald-j, #united-states-politics-and-government, #us-federal-government-data-breach-2020, #vetoes-us

How Many of Our Networks Do the Russians Control?

The magnitude of this national security hack is hard to overstate.

#computer-security, #computers-and-the-internet, #cybersecurity-and-infrastructure-security-agency, #defense-department, #espionage-and-intelligence-services, #falsification-of-data, #fireeye-inc, #politics-and-government, #russia, #solarwinds, #united-states, #united-states-politics-and-government

Russian Hack, Undetected Since Spring, Upends Government Agencies

The Pentagon, intelligence agencies, nuclear labs and Fortune 500 companies use software that was found to have been compromised by Russian hackers. The sweep of stolen data is still being assessed.

#computer-security, #cybersecurity-and-infrastructure-security-agency, #cyberwarfare-and-defense, #defense-and-military-forces, #defense-department, #espionage-and-intelligence-services, #fireeye-inc, #homeland-security-department, #nakasone-paul-m, #national-security-agency, #russia, #solarwinds, #trump-donald-j, #united-states-politics-and-government

Cyberattacks Discovered on Vaccine Distribution Operations

IBM has found that companies and governments have been targeted by unknown attackers, prompting a warning from the Homeland Security Department.

#computer-security, #coronavirus-2019-ncov, #cybersecurity-and-infrastructure-security-agency, #cyberwarfare-and-defense, #drugs-pharmaceuticals, #gavi-the-vaccine-alliance, #homeland-security-department, #international-business-machines-corporation, #pfizer-inc, #vaccination-and-immunization

Trump Is Salting the Soil of American Democracy

It’s disgraceful, as is the support of his accomplices.

#biden-joseph-r-jr, #cybersecurity-and-infrastructure-security-agency, #krebs-christopher-c, #polls-and-public-opinion, #presidential-election-of-2020, #presidential-transition-us, #republican-party, #trump-donald-j, #united-states-politics-and-government, #voter-fraud-election-fraud

Trump Fires Christopher Krebs, Official Who Disputed Election Fraud Claims

Mr. Krebs had overseen election cybersecurity efforts, and had joined other officials in declaring the 2020 election “the most secure in American history.”

#appointments-and-executive-changes, #biden-joseph-r-jr, #computers-and-the-internet, #cybersecurity-and-infrastructure-security-agency, #cyberwarfare-and-defense, #homeland-security-department, #krebs-christopher-c, #presidential-election-of-2020, #trump-donald-j, #united-states-politics-and-government, #voter-fraud-election-fraud, #wray-christopher-a

Christopher Krebs Hasn’t Been Fired, Yet

Mr. Krebs’s government agency contradicted President Trump’s false claims that the election was rigged. At this point, Mr. Krebs, a former Microsoft executive, still has a job.

#content-type-personal-profile, #cybersecurity-and-infrastructure-security-agency, #cyberwarfare-and-defense, #homeland-security-department, #krebs-christopher-c, #presidential-election-of-2020, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #trump-donald-j, #united-states-politics-and-government, #voter-fraud-election-fraud

Feds issue emergency order for agencies to patch critical Windows flaw

Close-up photograph of computer networking components.

Enlarge (credit: Sebastian Kahnert/picture alliance via Getty Images)

The US Department of Homeland Security is giving federal agencies until midnight on Tuesday to patch a critical Windows vulnerability that can make it easy for attackers to become all-powerful administrators with free rein to create accounts, infect an entire network with malware, and carry out similarly disastrous actions.

Zerologon, as researchers have dubbed the vulnerability, allows malicious hackers to instantly gain unauthorized control of the Active Directory. An Active Directory stores data relating to users and computers that are authorized to use email, file sharing, and other sensitive services inside large organizations. Zerologon is tracked as CVE-2020-1472. Microsoft published a patch last Tuesday.

An unacceptable risk

The flaw, which is present in all supported Windows server versions, carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Further raising that stakes was the release by multiple researchers of proof-of-concept exploit code that could provide a roadmap for malicious hackers to create working attacks.

Read 9 remaining paragraphs | Comments

#active-directory, #biz-it, #cisa, #critical-vulnerabilities, #cybersecurity-and-infrastructure-security-agency, #department-of-homeland-security, #domain-controller, #tech, #updates, #windows-server