CISA orders agencies to disable Microsoft Print Spooler in response to ‘PrintNightmare’ flaw

The Cybersecurity and Infrastructure Security Agency late Tuesday ordered federal agencies to disable the Microsoft Windows Print Spooler service because of an alarming flaw that could allow attackers to take over systems remotely. CISA, part of the Department of Homeland Security, gave agencies until midnight Wednesday to disable the service in response to the so-called “PrintNightmare” bug. Its “emergency directive” also ordered agencies to implement Microsoft security updates by July 20. The PrintNightmare issue has given Microsoft fits for weeks. It issued a patch last week that some security pros said didn’t work properly. On Tuesday, Microsoft issued another Print Spooler fix as part of its “Patch Tuesday” update, the latest of which also included answers for 13 “critical vulnerabilities” and four under active attack. “CISA has determined that this vulnerability poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action,” CISA said in its PrintSpooler […]

The post CISA orders agencies to disable Microsoft Print Spooler in response to ‘PrintNightmare’ flaw appeared first on CyberScoop.


Feds aim to bolster data encryption practices for .gov websites

The Trump administration is urging domain operators to include an extra layer of security on federal websites in an attempt to reduce the risk that hackers will spy on site visitors. The goal, which officials said could take “a few years” to achieve, is to get all websites with the .gov internet domain to use a standard that always encrypts a user’s connection to that site. Using that encryption by default is a way for agencies to boost security for a swath of public data being routed through internet domains they control. The security benefits of doing that “are meaningful and necessary to continue meeting the public’s expectation of safety on .gov services,” the General Services Administration, which oversees top-level domains for the U.S. government, said in a blog post published Sunday. The initiative builds on the use of HTTPS, a security protocol that internet users have come to expect from websites. HTTPS is meant to ensure that websites are legitimate, and protects […]

The post Feds aim to bolster data encryption practices for .gov websites appeared first on CyberScoop.


State Department scores an F on 2FA security

Senators have discovered that the State Department is breaking the law by not using multi-factor authentication in its emails.

GSA tech chief defends 18F, says watchdog’s report ‘got our attention’

The head of the General Services Administration’s Technology Transformation Service is speaking up for 18F — the agency’s under-fire IT swat team — and vowing to change the cybersecurity rules that a watchdog accused 18F of ignoring. TTS Commissioner Rob Cook told CyberScoop that GSA was working to overhaul the IT security rules that 18F’s leadership flouted. “We will be […]

The post GSA tech chief defends 18F, says watchdog’s report ‘got our attention’ appeared first on CyberScoop.


Watchdog: Federal agency 18F ignored IT regulations, cybersecurity rules

The Obama administration’s elite IT swat team 18F ran roughshod last year over cybersecurity rules set by the General Services Administration CIO and other officials, according to an audit report Tuesday from the agency’s internal watchdog. “Management failures in GSA IT and 18F caused a breakdown in compliance with GSA information technology security requirements,” reads the audit by […]

The post Watchdog: Federal agency 18F ignored IT regulations, cybersecurity rules appeared first on CyberScoop.
