
Latest news with #CybersecurityandInfrastructureSecurityAgency

US federal court filing system breached in sweeping cyberattack, Politico reports

Daily Maverick

9 hours ago


Politico said the incident had affected the judiciary's federal case management system, which includes the Case Management/Electronic Case Files, or CM/ECF, which legal professionals use to upload and manage case documents; and Public Access to Court Electronic Records, or PACER, which provides the public with pay-for access to some of the same data.

The Administrative Office of the U.S. Courts and the Cybersecurity and Infrastructure Security Agency, or CISA, didn't immediately return messages seeking comment late Wednesday. The Federal Bureau of Investigation referred questions to the Justice Department, which did not immediately reply to an email.

Politico did not say whether any specific entity was suspected of being behind the hack but the case management system – which carries sensitive information such as sealed indictments and arrest warrants – has long been a magnet for foreign spies.

In 2021 the Administrative Office of the U.S. Courts said it was adding new security procedures to protect confidential or sealed records following an apparent compromise of the system. The following year, then-House Judiciary Chairman Jerry Nadler said that 'three hostile foreign actors' had targeted the courts' document filing system and that there had been a breach of 'startling breadth and scope.'

The federal judiciary has struggled to modernize its aging systems. Earlier this year, U.S. Circuit Judge Amy St. Eve told lawmakers that years of underinvestment had left the judiciary system's IT systems vulnerable. 'Many of them are no longer up to date with modern development standards or security protocols, leaving them expensive to operate, difficult to maintain, and at regular risk of either operational failure or compromising security breaches,' she said.

Want to join the CISA? Here's how to get started in a cybersecurity career in the US

Time of India

2 days ago


The Cybersecurity and Infrastructure Security Agency (CISA) builds the national capacity to defend against cyber attacks and works with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard the '.gov' networks that support the essential operations of partner departments and agencies. CISA coordinates security and resilience efforts using trusted partnerships across the private and public sectors, and delivers technical assistance and assessments to federal stakeholders as well as to infrastructure owners and operators nationwide. If you're an aspiring cybersecurity professional and want in, here's your guide.

First, understand what CISA does

Established in 2018 under the Department of Homeland Security, CISA's job is to protect federal networks and collaborate with public and private sector partners to secure infrastructure across 16 sectors, from energy and healthcare to elections and transportation. CISA operates across offices in Washington, D.C. and regional centers throughout the US. Its mission is not limited to responding to cyberattacks. It also includes threat hunting, vulnerability mitigation, infrastructure resilience and national risk assessment.

Use the government's own roadmap to plan your entry

CISA operates the National Initiative for Cybersecurity Careers and Studies (NICCS), which maintains tools designed to help aspiring professionals navigate their way into the cybersecurity workforce. Two tools that matter:

  • Cyber Career Pathways Tool: Offers an interactive breakdown of 52 work roles across categories such as secure systems architecture, penetration testing, and cyber policy. It also maps which skills and certifications each job requires.
  • Cybersecurity Career Pathways Roadmap: Helps you visualise career growth across job families and specialisations.

These are government-endorsed tools built using the NICE Framework, a national standard for defining cybersecurity roles.

Start early if you are still in school

CISA's Pathways Internship Program is open to high school, undergraduate and graduate students enrolled in fields such as computer science, cybersecurity, information assurance or IT management. These internships are paid and developmental, meaning students work on real cybersecurity projects with mentorship. To qualify, applicants must:

  • Be a US citizen
  • Have a GPA of at least 2.5
  • Be available to complete at least 640 internship hours before graduation
  • Pass a background investigation (Secret-level clearance)

The internship is often a gateway to a permanent role at CISA. In 2025, interns can also apply for conversion to a full-time role through non-competitive hiring.

For graduates, there is the Pathways Recent Graduates Program, which offers one-year rotational experience, and the Cybersecurity Talent Initiative (CTI), a competitive two-year fellowship for tech graduates that includes placements in both government and private sector organisations. Another leadership route is the Presidential Management Fellows (PMF) Program, aimed at those holding advanced degrees.

Know what skills matter most in 2025

Communication and critical thinking are the most requested soft skills in cybersecurity job candidates across the US. Among programming languages, Java remains the most cited in both professional postings and developer forums.

For CISA-specific roles, technical skills may include:

  • Operating systems (Windows, Linux, macOS)
  • Network protocols and tools (TCP/IP, Wireshark)
  • Cloud platforms (AWS, Microsoft Azure, Google Cloud)
  • Risk and vulnerability management

Certifications can give you a clear advantage

While entry-level roles at CISA do not always require certifications, most cybersecurity professionals earn them to stay competitive. The following certifications can help demonstrate credibility and readiness for advanced federal roles:

  • CompTIA Security+
  • Certified Ethical Hacker (CEH)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)

The CISA certification, awarded by ISACA (not the agency itself), is especially relevant for those pursuing auditing, risk and governance roles. The exam includes 150 questions and requires five years of work experience, which can be reduced through waivers based on education or related credentials.

Search and apply strategically

CISA lists open positions on the federal government's official employment portal, as well as on its own careers page. In 2025, the agency is actively hiring in mission areas such as:

  • Cybersecurity and IT
  • Infrastructure Security
  • National Risk Management
  • Integrated Operations
  • Emergency Communications

Some roles are open to recent graduates or mid-career professionals with the right mix of experience and clearance eligibility. Applicants typically submit a federal-style resume, complete an online questionnaire and may undergo additional assessments. Background investigations, drug testing and clearance processing can take several weeks. US citizenship is mandatory for all CISA positions.

Once in, build a future inside CISA

Career mobility is encouraged within the agency. Employees can transition across roles aligned with the NICE Framework. In-house training, mentorship programs and support for continuing education are part of CISA's long-term investment in its workforce.

The agency emphasises its core values: service, integrity, excellence and people-first leadership. Professionals are expected to uphold these while working under pressure in mission-critical environments. Joining CISA is not just a technical decision, it is a choice to serve. Whether your strength lies in writing secure code, analysing threats or coordinating national response, your career at CISA will place you in direct contact with some of the biggest digital challenges of our time.

Use NICCS to chart your path, explore internships while in school, upskill through certifications and monitor federal job boards regularly. With preparation and intent, you can enter a field where your work will always matter.

Former cyber chief: Trump admin rescinded West Point job over "manufactured outrage"

Axios

7 days ago


Jen Easterly, the former director of the Cybersecurity and Infrastructure Security Agency during the Biden administration, said Thursday that her rescinded offer to teach at the U.S. Military Academy at West Point was "a casualty of casually manufactured outrage."

Why it matters: These are Easterly's first public comments since the Army decided to revoke her teaching role amid pressure from far-right activist Laura Loomer.

Driving the news: Easterly, a West Point graduate, made the comments in an essay published on LinkedIn on Thursday — noting that she is a "lifelong independent" who has served in combat under both Republican and Democratic administrations. Army Secretary Daniel Driscoll ordered West Point to revoke the offer to be the next Distinguished Chair in the Department of Social Studies.

What they're saying: "I've worked my entire career not as a partisan, but as a patriot — not in pursuit of power, but in service to the country I love and in loyalty to the Constitution I swore to protect and defend, against all enemies," Easterly wrote. "But this isn't about me. This is about something larger."

"The U.S. military — including its academies — must remain an institution above politics, grounded in service to the Constitution," she added. "When outrage is weaponized and truth discarded, it tears at the fabric of unity and undermines the very ethos that draws brave young men and women to serve and sacrifice: Duty, Honor, Country."

The big picture: Easterly's employment is just the latest casualty as Loomer's influence grows within the Trump administration.

Do Not Reset Your Password — FBI Issues Critical New Warning

Forbes

31-07-2025


Scattered Spider is the somewhat too cutesy name applied to one of the most dangerous threats facing organizations today. The ransomware threat actors behind devastating attacks on retail and aviation targets, among others, show no signs of going away. The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have now updated a joint cybersecurity advisory with a critical new warning: don't reset your passwords. Here's what you need to know about the latest FBI warning and the ongoing Scattered Spider threat.

The FBI Password Reset Warning — Why It Makes Sense

At first glance, being told not to reset your password in the face of an attack that compromises passwords appears somewhat counterintuitive, to say the least. After all, Google has been advising Gmail users to change their passwords, along with other cybersecurity warnings recommending the same, for the longest time now. But, as with most everything cyber, context is critical. Changing a password to prevent an attack, as in the advice to switch to a more secure technology such as passkeys, makes sense. Not using weak or previously compromised passwords, ditto. But this advice is different; it addresses the specific methodology employed by the Scattered Spider group in attacks.

The July 29 update to the FBI and CISA cybersecurity advisory, alert code AA23-320A, warns that Scattered Spider has 'posed as employees to convince IT and/or helpdesk staff to provide sensitive information, reset the employee's password, and transfer the employee's MFA to a device they control on separate devices.'

Scattered Spider is using 'layered social engineering techniques,' the FBI warned, often comprising multiple calls and contacts. These are made to ascertain the steps required to conduct password reset requests from support staff. 'Once that information is identified,' the FBI said, 'the threat actors continue to conduct phone calls to employees and help desks to gather password reset-specific information of a targeted employee.' This all culminates in a highly-targeted spearphishing call to the help desk in question to convince staff to 'reset passwords and/or transfer MFA tokens.'

The FBI recommended that organizations use phishing-resistant multifactor authentication for all services and accounts that access critical systems. 'Organizations should continue to perform diligent employee training against vishing and spearphishing,' the alert said, and advised that updated mitigation recommendations from the U.K. National Cyber Security Centre be followed, including to 'review helpdesk password reset processes, including how the helpdesk authenticates staff members credentials before resetting passwords, especially those with escalated privileges.'

Microsoft says Chinese state-backed hackers exploiting flaws in attacks

Straits Times

23-07-2025


BEIJING – Microsoft said that Chinese state-sponsored actors were exploiting vulnerabilities in one of its popular collaboration software products, SharePoint, which is used by US government agencies and many companies worldwide.

Microsoft said in a notice on its security blog on July 22 that it had identified at least two China-based groups linked to the Chinese government that it said had been taking advantage of security flaws in its SharePoint software. Such attacks aim to sneak into the computer systems of users.

Those groups, called Linen Typhoon and Violet Typhoon, were ones that Microsoft said it had been tracking for years, and which it said had been targeting organisations and personnel related to government, defence, human rights, higher education, media, and financial and health services in the United States, Europe and East Asia.

Microsoft said another actor, which it called Storm-2603, was also involved in the hacking campaign. It said it had 'medium confidence' that Storm-2603 was a 'China-based threat actor'.

The US government's Cybersecurity and Infrastructure Security Agency issued a notice that said it was aware of the hacking attack on SharePoint. It added that it had notified 'critical infrastructure organisations' that were affected. 'While the scope and impact continue to be assessed,' the agency said, the vulnerabilities would enable 'malicious actors to fully access SharePoint content, including file systems and internal configurations and execute code over the network.'

A Microsoft spokesperson wrote in an emailed response that the company had been 'coordinating closely' with the Cybersecurity and Infrastructure Security Agency, the Department of Defense's Cyber Defense Command and 'key cybersecurity partners globally throughout our response'.

The Chinese Embassy in Washington did not immediately respond to a request for comment. China has routinely denied being behind cyberattacks and asserts that it is a victim of them.

Microsoft said in its blog post that investigations into other actors also using these exploits were still ongoing. Eye Security, a cybersecurity firm, said that it had scanned more than 23,000 SharePoint servers worldwide, and discovered more than 400 systems had been actively compromised. The cybersecurity firm also noted that the breaches could allow hackers to steal cryptographic keys that would allow them to impersonate users or services even after the server was patched. It said users would need to take further steps to protect their information.

Chinese hackers have shown growing sophistication in their ability to penetrate US government systems, leaving American officials increasingly alarmed. During a breach of the US telecommunications system last year, Chinese hackers were able to listen in on telephone conversations and read text messages, members of Congress said. The hack was considered so severe that former President Joe Biden took it up directly with President Xi Jinping of China when they met in Peru in November.

In this latest breach, Microsoft said hackers had been using the software weaknesses to attempt, and gain, access to 'target organisations' since as early as July 7. It issued security updates and urged users to install them immediately. Microsoft revealed the vulnerabilities in SharePoint this month, but at first patched them only partially. It said on July 19 that it was aware of active attacks trying to exploit those vulnerabilities. Cybersecurity firms had said that they believed Chinese actors were among those attackers, even before Microsoft said so on July 22.

SharePoint helps organisations create websites and manage documents. It integrates with other Microsoft services such as Office, Teams and Outlook. Microsoft said the vulnerabilities affected only on-premises SharePoint servers, meaning those managed by organisations on their own computer networks, and not those operated on Microsoft's cloud.

Palo Alto Networks, a cybersecurity company, said in a post about the breach that on-premises servers 'particularly within government, schools, health care (including hospitals) and large enterprise companies' were 'at immediate risk.' 'A compromise in this situation doesn't stay contained, it opens the door to the entire network,' the cybersecurity company said.

NYTIMES
