Evanina: Combating China’s ‘Existential’ Cyber, Influence Threats Requires Post-9/11 Intensity
Eighty percent of U.S. adults have had all of their personal data stolen thanks to China's "persistent and unending resources." Keep Reading
NCSC and CDSE Publish Insider Risk Mitigation Guide for the Food and Agriculture Sector
Several case studies about food adulteration, theft of intellectual property, and active shooter incidents by insiders in the food and agriculture sector are included in the document, as are links to additional resources from the federal government and other entities. Keep Reading
NSA, Partners Release Cybersecurity Advisory on Russian Brute Force Global Cyber Campaign
The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) has targeted hundreds of U.S. and foreign organizations using brute force access to penetrate government and private sector victim networks. Keep Reading
National Cyber Security Centre Cyber Awareness Campaign Launches
The United Kingdom (UK) National Cyber Security Centre (NCSC) has launched a new cyber security campaign encouraging the public to adopt six behaviors to stay safe online. Keep Reading
NCSC Releases Alert on Microsoft SharePoint Vulnerability
An attacker could exploit this vulnerability to take control of an affected system. Applying patches from Microsoft’s October 2020 Security Advisory for CVE-2020-16952 can prevent exploitation of this vulnerability. Keep Reading
Insider Threat Month
NCSC and the National Insider Threat Task Force (NITTF) Partner for National Insider Threat Awareness Month
The goal is to educate federal and industry employees about the risks posed by insider threats and encourage employees to recognize and report anomalous activities so early intervention can occur, leading to positive outcomes for at-risk individuals and reduced risks to organizations. Keep Reading
Five Eyes Countries Release Joint Guidance for Spotting, Responding to Malicious Cyber Activity
The guide covers technical approaches to uncover malicious activity, recommended artifact and information collection, common mistakes in incident handling, mitigation measures, and general recommendations and best practices prior to an incident. Keep Reading
Potential Legacy Risk from Malware Targeting QNAP NAS Devices
CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP. Keep Reading
ODNI Announces Changes to Election Security Briefings
The ODNI announced that the U.S. Intelligence Community (IC) will lead all intelligence-based threat briefings to candidates, campaigns, and political organizations under the U.S. Government’s notification framework Keep Reading
Coronavirus
CISA, NCSC Warn That APT Groups Target Healthcare and Essential Services
CISA and NCSC continue to see indications that advanced persistent threat (APT) groups are exploiting the Coronavirus Disease 2019 (COVID-19) pandemic as part of their cyber operations. Keep Reading
Evanina: Root Out Supply Chain’s Weak Links in Private Sector, Procurement Departments
"If you make security part of mission the counterintelligence piece will take care of itself," NCSC director advises companies. Keep Reading
Don’t Be the Weakest Link: NCSC National Supply Chain Integrity Month Events
The cost to our nation comes not only in lost innovation, jobs, and economic advantage, but also in reduced U.S. military strength. Keep Reading
NCSC Launches ‘Know the Risk, Raise Your Shield’ Campaign to Warn Private Industry of Cyber Threats
You might want to strengthen your passwords, lock down social media accounts, delete suspicious emails and not expect data privacy while traveling. Keep Reading
Evanina Pledges to Lead Overhaul of Security Clearance Process at Confirmation Hearing
"Unauthorized disclosures also have a devastating impact on the men and women who serve every day to protect our secrets, our data, our systems, and our personnel," says nominee. Keep Reading
ODNI Releases Security Executive Agent Directive Toolkit
The training materials explain the actions that can be taken against contractors for making an unauthorized disclosure, steps that must be taken prior to publishing information and how the rules on NDAs may have changed. Keep Reading