National Security Council (NSC) – Page 2

Ukrainian government websites hacked amid rising regional security anxiety

Posted on January 14, 2022 by AJ Vicens

A series of Ukrainian government websites were temporarily unavailable Friday in what appeared to be a coordinated cyberattack against the backdrop of rising tensions between Russia and Ukraine. As a result of the massive hacking attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down,” Foreign Ministry spokesperson Oleg Nikolenko tweeted. “Our specialists are already working on restoring the work of IT systems. We apologize for any inconvenience.” Nikolenko told The Associated Press that it was too early to say who was behind the attacks, “but there is a long record of Russian cyber assaults against Ukraine in the past.” The websites for Ukraine’s Cabinet, seven ministries, treasury, National Emergency Service and the states services website were temporarily unavailable, the AP reported. A message was posted to the sites in Ukrainian, Russian and Polish warning that personal data had been leaked—a […]

The post Ukrainian government websites hacked amid rising regional security anxiety appeared first on CyberScoop.

Continue reading Ukrainian government websites hacked amid rising regional security anxiety→

White House hosts open-source software security summit in light of expansive Log4j flaw

Posted on January 13, 2022 by Tim Starks

Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to the widespread Log4j vulnerability that’s worrying industry and cyber leaders. Among the attendees are companies like Apple, Facebook and Google, as well as the Apache Software Foundation, which builds Log4j, a ubiquitous open-source logging framework for websites. “Building on the Log4j incident, the objective of this meeting is to facilitate an important discussion to improve the security of open source software — and to brainstorm how new collaboration could rapidly drive improvements,” a senior administration official said in advance of the meeting. The huddle convenes in light of a vulnerability discovered last month known as Log4Shell that could affect up to hundreds of millions of devices, and as federal officials, businesses and security researchers race to contain the potential fallout. It’s the latest of several Biden White House summits […]

The post White House hosts open-source software security summit in light of expansive Log4j flaw appeared first on CyberScoop.

Continue reading White House hosts open-source software security summit in light of expansive Log4j flaw→

Feds likely to fall short of deadline for strengthening encryption, multifactor authentication

Posted on November 5, 2021 by Tim Starks

A winning streak of hitting deadlines under President Joe Biden’s ambitious May cybersecurity executive order is widely expected to end Monday, affecting changes that administration officials have touted most: implementing multifactor authentication and encryption at all civilian federal agencies. Multifactor authentication — which requires users to access websites and systems by entering a password and also using a second device to verify their identity — could prevent 80% to 90% of all successful cyberattacks, Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger said in September. Encryption is another of the handful of technologies the administration has emphasized that “dramatically reduce the risk of attack,” Neuberger has said. The executive order’s goal was to set “aggressive but achievable” deadlines, officials have repeatedly said, and “We’ve met each timeline along the way,” Neuberger said in October. As important as multifactor authentication (MFA) and encryption are, however, current and former […]

The post Feds likely to fall short of deadline for strengthening encryption, multifactor authentication appeared first on CyberScoop.

Continue reading Feds likely to fall short of deadline for strengthening encryption, multifactor authentication→

National Cyber Director Chris Inglis, new cyber kid on the federal block, begins to stake a claim

Posted on October 28, 2021 by Tim Starks

National Cyber Director Chris Inglis is fleshing out what, exactly, his new office plans to do with itself. With a “strategic intent statement,” a personnel move, a pair of interviews and a newspaper op-ed, Inglis and his office on Thursday provided their most concrete objectives to date for a White House post that sprung into existence in January, and that Inglis won confirmation for in June. He joined a crowded field of feds focused on cyber, from other offices within the White House to departments and agencies like the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Agency and the National Security Agency. Inglis said Thursday that it’s a natural, when looking at the disparate organizations in the federal government with cybersecurity responsibilities, to wonder who’s in charge. But he said there were “more appropriate” questions. “How do we bring coherence, how do drive public-private collaboration, how do we have […]

The post National Cyber Director Chris Inglis, new cyber kid on the federal block, begins to stake a claim appeared first on CyberScoop.

Continue reading National Cyber Director Chris Inglis, new cyber kid on the federal block, begins to stake a claim→

Treasury sanctions cryptocurrency platform for working with ransomware payments

Posted on September 21, 2021 by Tonya Riley

The Treasury Department on Tuesday announced sanctions against a cryptocurrency exchange for facilitating transactions involving money illegally gained via ransomware hacking, the first action of its kind. The sanctions against Russia-based exchange Suex are a significant step by the Biden administration in making it harder for cybercriminals to access payments, with the ultimate goal of disrupting the rapid rise of ransomware attacks. (The government did not disclose which hacking groups allegedly laundered their funds through the service.) “Exchanges like Suex are critical to attackers’ ability to extract profits from ransomware attacks. This action is a signal of our intention to expose and disrupt illicit infrastructure using these attacks,” said Wally Adeyemo, deputy secretary of the Treasury Department. Over 40% of Suex’s transactions are associated with illegal activity, according to the Treasury Department. The new sanctions block all of Suex’s property and business interests in the U.S. and threaten additional sanctions […]

The post Treasury sanctions cryptocurrency platform for working with ransomware payments appeared first on CyberScoop.

Continue reading Treasury sanctions cryptocurrency platform for working with ransomware payments→