{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


READ IN BROWSER

11/17/2022
linkedin facebook twitter instagram
WorkScoop
Predictions around Log4Shell's lifespan hold true as a federal agency is hit. The Pentagon rethinks how nonstate hackers impact conflicts. And Arizona seeks better visibility through new program. This is CyberScoop for Nov. 17.

Iranian hackers mine crypto on federal network

Hackers connected to the Iranian government broke into a U.S. government agency’s network in early 2022, utilizing a well-known flaw in an open-source software library to install cryptocurrency mining software and compromise credentials, federal cybersecurity officials said Wednesday. By exploiting the Log4Shell vulnerability, the Iranian-backed hackers broke into an an unpatched VMware Horizon server in February and then used that access to move laterally within the network of an unidentified federal agency, according to Wednesday’s joint advisory from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation. “Log4shell is endemic and it’s going to be around forever,” said Dan Lorenc, CEO of Chainguard. AJ Vicens has more.


A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.


US Merit Systems Protection Board compromised

The agency responsible for arbitrating disputes with federal employees was compromised in an Iranian government-linked hack earlier this year, according to a report. Details of which federal government agency was affected by the attack were first reported by The Washington Post. It remains unclear what information may have been compromised because of the incident. MSPB is a quasi-judicial entity responsible for safeguarding the merit system principles, which are the standards that govern the civil service federal workforce. The board was established by the Civil Service Reform Act of 1978. John Hewitt Jones writes for FedScoop.


DOD rethinks armed conflict and cyber's impact

The conflict in Ukraine should prompt the Pentagon to think differently and reevaluate assumptions about modern warfare and the role of cyber in it, according to a senior official. “This is a really important conflict for us in the Department of Defense to understand because what you’re seeing is a cyber-capable adversary bring those capabilities to bear in the context of an armed conflict,” Mieke Eoyang, deputy assistant secretary of defense for cyber policy, said at the Aspen Cyber Summit Wednesday. “One of the things that we’re seeing is the context of the armed conflict dwarfs the cyber impacts of that.” For example, while the Russians might not have had their desired digital impact through cyber attacks against Ukraine, they were able to conduct kinetic attacks with digital implications by actually bombing data centers. Mark Pomerleau reports for DefenseScoop.


Arizona's 'whole-of-state' cyber program

The cybersecurity company Tanium on Tuesday announced it’s secured a statewide contract in Arizona for its endpoint management software. The deal is to cover more than 100 state agencies, along with 15 counties, 91 cities, more than 200 K-12 districts and 22 tribal nations. The company said in a press release it’s supporting Arizona’s “whole-of-state” approach to cybersecurity, a growing trend among states keen to collect new federal cybersecurity grant funding. State Chief Information Security Officer Tim Roemer said in the press release that the new software will help him understand what attackers are seeing when they scan the government’s networks. Colin Wood writes for StateScoop.


Biden's federal cyber workforce bid

A 120-day cybersecurity apprenticeship sprint coordinated by the White House and the Department of Labor has created 194 new registered programs, the Biden administration announced Tuesday. As part of the sprint, the Department of Veteran Affairs has established the first civilian federal cybersecurity apprenticeship program to provide a pathway to quickly hire underserved populations veterans into the federal government through cybersecurity roles. There have been massive challenges in hiring cybersecurity employees within the government due to a tight labor market and a severe shortage of skilled cyber engineers and analysts and the problem continues to get worse. Nihal Krishan has it for FedScoop.


Tweet Of The Day

Image

InfoSec ... drama? Say it isn't so!


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}