Category Archives: Vulnerabilities equities process (VEP)

NSA says it found new critical vulnerabilities in Microsoft Exchange Server

Posted on by

The National Security Agency on Tuesday said it alerted Microsoft to a fresh batch of critical vulnerabilities that hackers could exploit to remotely compromise the Exchange Server email software program. Microsoft said that it hadn’t see any hacks using the vulnerabilities on its customers, but the news comes at a time of heightened concern over bugs in Exchange Server. Microsoft on March 2 revealed that suspected Chinese spies had exploited another set of flaws in Exchange Server to siphon off emails from targeted U.S. organizations. A bevy of opportunistic cybercriminals proceeded to exploit those vulnerabilities, to which tens of thousands of U.S. businesses and state and local organizations were reportedly exposed. The latest software bugs that the NSA discovered are in the 2013, 2016 and 2019 versions of Exchange Server. Microsoft said that the vulnerabilities, if exploited, could allow an attacker to execute code remotely on a target computer. Like […]

The post NSA says it found new critical vulnerabilities in Microsoft Exchange Server appeared first on CyberScoop.

Continue reading NSA says it found new critical vulnerabilities in Microsoft Exchange Server

Grant Schneider steps down as federal CISO, heads to private sector

Posted on by

Grant Schneider, who has spent nearly three decades in the federal government, is leaving his post as the Trump administration’s chief information security officer for the private sector. Schneider is joining the Washington, D.C., office of law firm Venable as a senior director of cybersecurity services, the firm said in a statement Tuesday. Ari Schwartz, a Venable executive who worked in the Obama administration, lauded Schneider’s work as a federal official on supply chain security and encryption. Schneider spent more than 20 years at the Defense Intelligence Agency, the Pentagon’s spying arm, culminating in a multi-year tenure as chief information officer. He was also a senior official at the Office of Personnel Management in 2015 and 2016 as the agency continued to cope with the fallout of its massive 2014 data breach. At the National Security Council, Schneider was influential in cybersecurity policymaking. He headed the Vulnerabilities Equities Process, the […]

The post Grant Schneider steps down as federal CISO, heads to private sector appeared first on CyberScoop.

Continue reading Grant Schneider steps down as federal CISO, heads to private sector