Microsoft Accused of Negligence in Recent Email Compromise
In an open letter, Senator Ron Wyden urged federal agencies to investigate Microsoft following a Chinese campaign that compromised US government emails
Stay informed on government cyber security initiatives, policy changes, and threats. Your source for the latest in government infosec news and updates.
Search across headline titles and summaries.
Background for this topic.
Government encompasses public institutions and the systems used to administer services, enforce laws, manage public funds, and protect classified or otherwise sensitive information. Its distinctive assets include identity and benefits records, tax and health data, diplomatic material, election infrastructure, and operational technology supporting utilities or emergency services. Availability and integrity can be as important as confidentiality: outages or altered records may disrupt essential services, public safety, or legal processes.
Security therefore spans citizen-facing portals, internal networks, remote access, contractors, and shared infrastructure, including systems that depend on legacy technology or tightly connected suppliers. Espionage, credential compromise, exploitation of unpatched vulnerabilities, and disruptive attacks are material risks, though exposure varies by agency and system. Useful controls include strong identity management, network segmentation, encryption, privacy safeguards, prioritized vulnerability management, tested backups, and rehearsed incident response. Procurement rules, records obligations, and sector-specific compliance also shape how agencies collect, retain, share, and investigate data.
In an open letter, Senator Ron Wyden urged federal agencies to investigate Microsoft following a Chinese campaign that compromised US government emails
US government services firm is latest to reveal compromise
Living up to its name, Maximus sees a whale of a breach that affects millions of people's sensitive government records, including health data.
Maximus plus Deloitte and Chuck E. Cheese join 500+ victim orgs Accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel are among the latest victims that the Russian ransomware crew Clop claims to have compromised via the MOVEit vulnerability.…
Third of Big 4 accountants get trampled by Clop, KPMG may be nervous Accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel are among the latest victims that the Russian ransomware crew Clop claims to have breached using the MOVEit file transfer hack.…
U.S. government services contractor Maximus has disclosed a data breach warning that hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks. [...]
All appointments for Swiss Schengen tourist and transit visa applicants have been cancelled across the UK. TLSContact, the Swiss government's chosen IT provider for facilitating visa applicants for citizens of third countries, has blamed an 'IT incident' at its London, Manchester, and Edinburgh centers for appointment cancellations. [...]
The Russian government today handed down a treason conviction and 14-year prison sentence on Iyla Sachkov, the former founder and CEO of one of Russia's largest cybersecurity firms. Sachkov, 37, has been detained for nearly two years under charges that the Kremlin has kept classified and hidden from public view, and he joins a growing roster of former Russian cybercrime fighters who are now serving hard time for farcical treason convictions.
Uncle Sam warns sysadmins to get patching as soon as possible A critical security flaw in Ivanti's mobile endpoint management code was exploited and used to compromise 12 Norwegian government agencies before the vendor plugged the hole.…
Cyberattackers have used a zero-day exploit to compromise up to 12 Norwegian government departments.
A new report shows that 50% of all UK businesses have a basic cyber security skills gap, and 33% have an advanced skills gap
A set of five security vulnerabilities have been disclosed in the Terrestrial Trunked Radio (TETRA) standard for radio communication used widely by government entities and critical infrastructure sectors, including what's believed to be an intentional backdoor that could have potentially exposed sensitive information
Survey participants had details published on parliament website
If it looks like a backdoor, walks like a backdoor, maybe it's ... export control Updated Midnight Blue, a security firm based in the Netherlands, has found five vulnerabilities that affect Terrestrial Trunked Radio (TETRA), used in Europe, the United Kingdom, and many other countries by government agencies, law enforcement, and emergency services organizations.…
If it looks like a backdoor, walks like a backdoor, maybe it's a ... Midnight Blue, a security firm based in the Netherlands, has found five vulnerabilities that affect Terrestrial Trunked Radio (TETRA), used in Europe, the United Kingdom, and many other countries by government agencies, law enforcement, and emergency services organizations.…
The Norwegian government is warning that its ICT platform used by 12 ministries has suffered a cyberattack after hackers exploited a zero-day vulnerability in third-party software. [...]
Erik Hope revealed the attack was traced back to a vulnerability in a government supplier
The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven’t changed in 2023. The U.S. Government’s Office for Civil Rights reported 145 data breaches in the United States during the first quarter of this year. That follows 707 incidents a year ago, during which over 50 million records were
Contractor was accused of violating False Claims Act