“We’re still in the relatively early days even though this has been several weeks now,” Chris Painter said. “It could well be that Russia is holding those capabilities in the reserve and haven’t used them yet.”
By Jaspreet Gill“The FBI, CISA, and CGCYBER assess that advanced persistent threat cyber actors are likely among those exploiting the vulnerability,” the joint advisory notes.
By Brad D. WilliamsThe law’s vulnerability disclosure provisions will give the Chinese government a head start on remediating — and potentially exploiting — zero-day vulnerabilities, possibly to include those discovered in tech used by the Defense Department, Intelligence Community, and across the US public and private sectors more broadly.
By Brad D. Williams“So what will happen is you’ll be destroying your grandmother’s computer in Kansas that has been taken over,” cyber policy expert Herb Lin said. “It’s not clear to me that that’s the best way.”
By Brad D. Williams“It’s part of a larger diplomatic strategy,” cyber policy expert James Lewis said of the US attribution to China for Microsoft Exchange hacks earlier this year.
By Brad D. Williams“We shouldn’t be relying on voluntary reporting to protect our critical infrastructure,” Sen. Warner said.
By Brad D. Williams“The PRC’s pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world,” a senior administration official said on Sunday night.
By Brad D. Williams“CISA has validated various proofs of concept and is concerned that exploitation of this vulnerability may lead to full system compromise of agency networks if left unmitigated,” the emergency directive says.
By Brad D. Williams“This is a good reminder that the GRU remains a looming threat, which is especially important given the upcoming Olympics, an event they may well attempt to disrupt,” observed John Hultquist, VP of Analysis at Mandiant Threat Intelligence.
By Brad D. Williams“China is a second-tier cyber power but, given its growing industrial base in digital technology, it is the state best placed to join the US in the first tier,” an IISS report says.
By Brad D. WilliamsThe bad practices are aimed especially at — though not limited to — educating critical infrastructure owners and operators. This includes, of course, the defense industrial base and many who support its supply chain — from communications equipment and high-tech capabilities to electrical and mechanical components for military hardware, such as tanks, planes, and ships.
By Brad D. WilliamsSen. Warner’s draft legislation, long expected, marks one of the first attempts to create a federal law mandating cyber incident reporting by some entities. Notably, the bill provides reporting entities with a degree of privacy and legal protection.
By Brad D. Williams“If the past year has taught us anything, it’s the obligation we have as leaders to anticipate the unimaginable,” CISA nominee Easterly said. “I believe as a nation we remain at great risk of a catastrophic cyberattack.”
By Brad D. Williams“[Paying the ransom] was the hardest decision I’ve made in my 39 years in the energy industry… and I put the interest of the country first,” Colonial’s CEO told Congress. “I believe with all my heart [paying the ransom] was the right choice to make, but I want to respect those who see this issue differently.”
By Brad D. Williams