The president orders a review of supply chain security risks. Vietnamese government-linked hackers turn their eye to activists. And Jerome Lovato is the latest to leave the Election Assistance Commission. This is CyberScoop for Feb. 25, 2021.

Agencies must report on supply chain cyber risks

President Joe Biden signed an executive order that tells federal agencies they need to review supply chain risks, with one-year reports that specifically must mention which cyber risks could disrupt the supply chain. The order is in significant measure about economic security, meant to address shortfalls of critical imported components for the likes of pharmaceuticals and electric batteries. It's also about boosting the domestic semiconductor manufacturing capacity. "We need to make sure these supply chains are secure and reliable," Biden said. Tim Starks elaborates.


OceanLotus zeroes in on activists

For the past several years, a Vietnamese hacking group better known for its attacks on the auto industry has been targeting activists and non-governmental organizations with spyware, according to Amnesty International. The suspected government-linked hackers, known as OceanLotus or APT32, specifically targeted pro-democracy activist Bui Thanh Hieu, an unidentified blogger and the Vietnamese Overseas Initiative for Conscience Empowerment (VOICE) with spammy emails containing malware between February 2018 and November of last year, Amnesty found. The steady drumbeat of surveillance against Vietnamese activists is emblematic of a larger freedom of expression problem in Vietnam, according to Amnesty. Shannon Vavra has the latest.

Another key EAC staffer set to depart

Jerome Lovato, the testing and certification director for voting system certification at the Election Assistance Commission, is departing the job next month, two sources said. He will be exiting on the heels of two other important departures in recent months: Josh Franklin left his job as EAC chief technology officer in December, and in November, Maurice Turner left as senior adviser to the executive director of the commission. The EAC also announced Wednesday that Donald Palmer had begun his term as chairman. Tim and Sean Lyngaas have the scoop.

DHS says state and local cyber help is coming

The Department of Homeland Security this week said it's taking several steps aimed at bolstering state and local cybersecurity as part of a broader effort to raise the issue across government at all levels. Among the changes DHS Secretary Alejandro Mayorkas will announce is an increase in the minimum amount that recipients of the department’s grants are required to spend on cybersecurity. The department also announced that CISA will “urgently evaluate and implement additional capabilities” to support state and local governments, including a potential grant program of its own. Benjamin Freed reports.

Big time phishing

Widespread remote work at all levels of government fueled an aggressive surge in mobile phishing attacks designed to steal public-sector employees’ credentials, according to research published by the security firm Lookout, with one out of 13 state and local government workers experiencing a mobile phishing attempt in 2020. And while basic phishing tactics haven’t changed much during the pandemic, attacks are becoming more sophisticated by focusing more on credential theft and long-term network access rather than just malware delivery, said Steve Banda, a senior manager for security solutions at Lookout. “SolarWinds really exemplifies where we’re going with this and showcases well the ultimate intention is to get inside and stay inside,” he said. Ben has more.

Someone is selling VPN access to a city government in Arizona

A regular user of underground forums and illicit online marketplaces with a track record of selling stolen credentials that can be used to access government, university and corporate networks is attempting to sell access to systems belonging to a large city in Arizona, says the cybersecurity intelligence firm GroupSense. The vendor wants $30,000 for access to a VPN portal hosted on the city’s .gov domain, which would grant access to local internal network resources and enable the buyer to carry out the kind of phishing that would lay groundwork for ransomware or another type of breach. Ben has this one, too.
