VA investigates breach after federal contractor publishes source code 

Six foreign IP addresses cloned the code within minutes of it becoming public on GitHub, according to sources.

cyber news

Treasury watchdog calls on IRS to step up insider threat monitoring


An IG report finds information missing for 67% of systems included in a key threat audit list.

Coast Guard needs to improve its cyber workforce says watchdog


The GAO calls on the service to adopt six key recommendations to improve the ability of its staff to respond to cyberattacks.

Watchdog report identifies cybersecurity failings at National Nuclear Security Administration 


GAO finds that the agency has no cyber risk management strategy for nuclear weapons IT systems.

Ex-HHS CIO says agency was hit with over 8 billion scanning efforts during March 2020 DDOS-style attack


Malicious actors were waiting for the agency to lower its perimeter firewall, according to José Arrieta.

Senators propose open source software risk framework in new bill


The legislation would require CISA to develop a new cybersecurity framework for agencies and critical infrastructure owners and operators.

ONCD senior leader says FBI and operational cyber agencies have improved incident info sharing


Kemba Walden says governmentwide agencies are now being looped in faster when cyber breach details are reported.

Why the US government will require software vendors to certify the security of their products


A new White House memo on software supply chain security goes some way to addressing tech industry concerns about the use of third-party cybersecurity assessors.

CISA to develop ‘self-attestation’ cybersecurity standards for federal software vendors 


The agency will create a standardized form for U.S. departments to collect proof that vendors comply with NIST standards.

White House cyber memo compels vendors to attest software meets security standards


Federal agencies will have 120 days to develop a consistent process for collecting cybersecurity assurance from software providers.

CISA seeks public comment on upcoming major cyber incident reporting regulations


Industry will have until Nov. 14 to comment on the Cyber Incident Reporting for Critical Infrastructure Act of 2022.