Former President Joe Biden issued an Executive Order (EO) entitled “Strengthening and Promoting Innovation in the Nation’s Cybersecurity” on January 16, 2025. The EO is designed to
Cybersecurity
After Supreme Court Upholds Ban, Trump Issues EO Giving TikTok an Extension
Despite bipartisan support for banning TikTok – essentially spyware presenting a national security threat from the People’s Republic of China (PRC) – in the United States (as done by India) and the Supreme Court’s upholding of the law as constitutional and requiring the app to go dark, President Trump signed an Executive Order (EO) during…
Adobe Issues Patches for ColdFusion “High Severity” Vulnerability
Adobe recently issued a patch for a high-severity vulnerability for ColdFusion versions 2023.11 and 2021.17 and earlier; according to the National Institute of Standards and Technology (NIST), “an attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure…
Cl0p Exploiting Cleo Software
According to Cyberscoop, the cyber gang Cl0p “has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software.” The gang claimed responsibility for the attacks on its website. The vulnerabilities affect Cleo’s products LexiCom, VLTrader, and Harmony. Cleo reportedly services approximately…
Rhode Island Becomes First State to Implement PDNS in All School Districts
My home state of Rhode Island may be the smallest in the union, but it has taken on a significant initiative implementing the Protective Domain Name Service (PDNS) in all 64 public school districts. PDNS, an initiative launched by the White House Office of the National Cyber Director, assists K-12 schools with preventing “ransomware and…
Telecoms Still Trying to Evict Salt Typhoon
According to statements by the Cybersecurity and Infrastructure Security Agency (CISA), the People’s Republic of China-backed (PRC) hacking group Salt Typhoon, which attacked telecommunications providers last month, is still infiltrating the providers and it is “impossible for us to predict a time frame on when we’ll have full eviction.” One reason is that the hackers…
Public Urged to Encrypt Mobile Phone Messaging and Calls
On December 4, 2024, four of the five members of the Five Eyes intelligence-sharing group (the United States, Australia, Canada, and New Zealand) law enforcement and cyber security agencies (Agencies) published a joint guide for network engineers, defenders of communications infrastructure and organizations with on-premises enterprise equipment (the Guide). The Agencies strongly encourage applying the…
Enfield, NH Victim of $742K Wire Fraud Scheme
The Town of Enfield, New Hampshire, appears to have been the victim of a man-in-the-middle scheme involving the transfer of $742,000 to a fraudulent bank account. The town is constructing a new $7.2 million public safety building. An employee was tricked into sending the payment to a fraudulent bank account instead of the construction company…
Chinese Manufactured Batteries Pose Cybersecurity Threat to Critical Infrastructure
The U.S.-China Economic and Security Review Commission, released its annual report to Congress this month. The 793-page report responds to the Commission’s mandate to “monitor, investigate, and report to Congress on the national security implications of the bilateral trade and economic relationship between the United States and the People’s Republic of China.” The report is…
Joint Advisory Lists Top Routinely Exploited Vulnerabilities
On November 12, 2024, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency, along with its security partners in Australia, Canada, New Zealand, and the United Kingdom, issued the cybersecurity advisory “2023 Top Routinely Exploited Vulnerabilities,” outlining top vulnerabilities impacting companies across the free world.
The…