Geek-Guy.com

Tag: Federal

AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management

Two-year old Oracle WebLogic Server vulnerability is being exploited

US federal government departments have been given until Thursday to patch a two-year old high severity vulnerability in Oracle WebLogic Server that could allow an unauthenticated attacker to access critical data. The vulnerability, CVE-2024-21182, was added Monday to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, giving federal Oracle admins a…

Read more →

AI, Cybersecurity, Global Security News

How NIST fumbled management of the National Vulnerability Database

A US federal watchdog has outlined how the National Institute of Standards and Technology (NIST) failed to effectively manage the growing backlog of unprocessed cybersecurity vulnerabilities in the National Vulnerability Database (NVD). How the NVD crisis unfolded The NVD was established in 2005 and serves as a central repository for cybersecurity vulnerability data. When security…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy, Network Security, Risk Management

White House charts new course for federal agencies and cybersecurity logging

The White House has updated rules for federal agencies to keep logs of significant cyber activities in their networks, touting it as a measure to cut back on red tape and focus on how cybersecurity risks have evolved. The Office of Management and Budget memorandum, released Friday, replaces a 2021 memo signed by then-President Joe…

Read more →

AI, Compliance, Exploits, Global Security News, privacy, Risk Management

Here’s how the FTC plans to enforce the Take It Down Act

The Federal Trade Commission is set to begin enforcing a key provision of the Take Down Act on May 19, requiring websites and online services to remove nonconsensual deepfake media within 48 hours after a victim’s notice—or risk fines and FTC investigation. The law, passed by Congress last year, allowed law enforcement to immediately prosecute…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

White House cyber official: identity security matters more than ever in the age of AI

As AI becomes more integrated into federal IT (and attacker toolsets) government agencies will need to focus their resources on regulating and monitoring the identities that access their network, a top White House cybersecurity official said Thursday. Nick Polk, branch director for federal cybersecurity in the Executive Office of the President, said that while AI…

Read more →

AI, Apps, Global Security News, Government & Policy, Risk Management

Fired employee sought AI help to hide deletion of hosting firm’s customer data

The apparent revenge deletion of US federal databases after the dismissal of twin brothers from an online hosting company is another reminder to IT and HR leaders that tough off-boarding procedures have to be implemented to prevent insider attacks. Destructive attacks either from disgruntled current or former employees aren’t new. But the conviction by a…

Read more →

AI, Global Security News, Government & Policy, Politics

One House Democrat is pressing Commerce on the government’s spyware use

A House Democrat who’s been at the forefront of congressional efforts to scrutinize the federal government’s use of commercial spyware wants the Commerce Department to brief Capitol Hill amid apprehension that the Trump administration might further embrace the technology. Rep. Summer Lee, D-Pa., sent a letter to the department Thursday seeking a briefing on several…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Russia

FCC tightens KYC rules for telecoms, closes loophole for banned foreign services

The Federal Communications Commission approved new regulations Wednesday designed to crack down on robocalling, protect telecommunications networks from cyberattacks and further vet equipment-testing labs based overseas. Commissioners unanimously passed a measure to strengthen telecom companies’ “Know Your Customer” requirements for verifying callers’ identities. Among the potential solutions being considered are requiring telecoms to verify a…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security

Federal CIO cautious on Anthropic’s Mythos despite planned rollout

Federal Chief Information Officer Greg Barbaccia said Tuesday the government is approaching Anthropic’s Mythos model with measured expectations, acknowledging both its potential to strengthen federal cyber defenses and the significant uncertainties that remain about how it would perform in real-world conditions. Barbaccia said his direct exposure to Mythos has been limited to evaluations and benchmarking…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security

CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network

CISA said a federal Cisco Firepower ASA device was infected with the FIRESTARTER backdoor in Sept 2025, and it survived security patches. CISA revealed that a U.S. federal civilian agency’s Cisco Firepower device running ASA software was compromised in September 2025 by the FIRESTARTER backdoor. The malware reportedly persisted even after security patches were applied,…

Read more →

Cybersecurity, Global Security News, malware

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency’s Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with malware called FIRESTARTER. FIRESTARTER, per CISA and the U.K.’s National Cyber Security Centre (NCSC), is assessed to be a backdoor designed for remote access…

Read more →

AI, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Risk Management

NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities

The federal agency tasked with analyzing security vulnerabilities is overwhelmed as it and other authorities struggle to keep pace with a flood of defects that grows every year. The National Institute of Standards and Technology announced Wednesday that it has capitulated to that deluge and narrowed the priorities for its National Vulnerability Database. NIST said…

Read more →

AI, Cybersecurity, Funding, Global Security News, Government & Policy, Politics

CISA cancels summer internships for cyber scholarship students amid DHS funding lapse

The Cybersecurity and Infrastructure Security Agency has informed participants of the federal government’s Scholarship for Service program that it has canceled this year’s summer internship programs due to the current funding issues at the Department of Homeland Security.  Emails from CISA obtained by CyberScoop recently informed applicants that the agency will not bring any CyberCorps:…

Read more →

AI, Global Security News

FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousands of victims’ account credentials and attempt more than $20 million in fraud. In tandem, authorities detained the alleged developer, who has&

Read more →

AI, APAC, Compliance, Cybersecurity, Funding, Global Security News, Government & Policy, Network Security, Politics, Risk Management

The cyber winners and losers in Trump’s 2027 budget

Federal cybersecurity spending will decline in 2027 under Donald Trump’s proposed budget, with uneven shifts across agencies, as some see sizable increases while others face sharp reductions. According to the Office of Management and Budget (OMB) crosscut tables released with Trump’s budget, civilian federal cybersecurity spending is expected to fall from $12.455 billion in 2026…

Read more →

AI, Apps, Compliance, Cybersecurity, Global Security News, Government & Policy, Network Security, Risk Management

CMMC compliance in the age of AI

Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) is pushing federal contractors to demonstrate, not just assert, that they can protect sensitive government data. Eligibility for contracts now depends on the ability to show how controlled unclassified information (CUI) is handled, why specific safeguards were selected and whether those safeguards operate consistently under scrutiny from assessors,…

Read more →

AI, Compliance, Global Security News, Government & Policy, Risk Management

US court refuses to stay Pentagon’s ‘supply-chain risk’ blacklisting of Anthropic

A federal appeals court in Washington has refused to suspend the Pentagon’s supply-chain risk designation against Anthropic, leaving defense contractors with conflicting legal signals over whether they can continue using Claude, and putting the ruling at odds with a separate federal court that reached the opposite conclusion last month. “The equitable balance here cuts in…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Iranian Threat Actors Target U.S. Critical Infrastructure

A new federal cybersecurity alert is raising alarms across critical infrastructure sectors, as Iranian-affiliated threat actors actively target programmable logic controllers (PLCs) in the United States.  The campaign, confirmed by multiple federal agencies, has already caused operational disruptions and financial losses — marking a notable escalation in cyber activity against industrial environments. “The most notable…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy, malware, Network Security

Iran‑linked PLC attacks cause real‑world disruption at critical US infra sites

As the US and Iran agreed to a ceasefire on Tuesday, six US federal agencies have warned that Iran-affiliated threat actors have compromised internet-exposed programmable logic controllers at critical infrastructure facilities in the US. The attacks, which the agencies linked to escalating hostilities between Iran and the US and Israel, targeted Rockwell Automation and Allen-Bradley…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Funding, Global Security News, Government & Policy, Network Security, Risk Management

2027 POTUS Budget Proposal Targets CISA With Funding Cuts

A federal budget proposal is putting one of the nation’s top cybersecurity agencies on the chopping block, raising alarms about the U.S. government’s readiness to defend against escalating digital threats.  The administration’s fiscal 2027 budget blueprint would reduce funding for the Cybersecurity and Infrastructure Security Agency (CISA), continuing a trend of cuts that could reshape…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security

FCC pushes new rules to crack down on robocallers, foreign call centers

The Federal Communications Commission is moving to crack down on illegal robocalls and the use of foreign call centers. At a meeting Thursday, the three-member commission unanimously approved a new proposed regulation to increase certification and disclosure requirements for obtaining phone numbers, while also expanding those same requirements to all providers seeking phone numbers from…

Read more →

AI, Global Security News, Network Security, Risk Management

FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns

The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing “unacceptable” risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications networks the country relies on, FCC Chairman Brendan Carr said in a post on X. The…

Read more →

AI, Apps, china, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management, Russia

Critics call FCC router rule a ‘big swing’ that could create more supply chain uncertainty

The Federal Communications Commission’s move to ban foreign-made routers touches on a real threat, but critics say the agency rule is overly broad, practically unworkable and doesn’t meaningfully address weaknesses in router security that have led to major breaches on American governments and businesses. Under the Secure Equipment Act and Secure Networks Act, the FCC…

Read more →

AI, Exploits, Global Security News, malware, Network Security, Russia

Russian access broker sentenced to over 6 years in prison for ransomware schemes

A federal court in Indiana sentenced a Russian cybercriminal to 81 months in prison on charges related to his role as an initial access broker for ransomware groups. Aleksei Volkov, 26, of St. Petersburg, Russia, pleaded guilty in November 2025 to six federal charges stemming from his work with the Yanluowang ransomware group and other…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security

Can Zero Trust survive the AI era?

For the past decade, cybersecurity experts in the federal government have argued that trust, or a lack of it, was key to developing effective security policies for agency systems and data. But today, cybercriminals and state-sponsored hackers are using artificial intelligence to develop and launch cyberattacks more quickly and efficiently. Governments and businesses are facing…

Read more →

AI, Cybersecurity, Data Breaches, Endpoint, Funding, Global Security News, Risk Management

Feds keep eyes peeled for Iran cyberattacks, respond to Stryker breach

Federal cyber officials aren’t seeing a significant change in attacks tied to Iran since the conflict there began, at least not yet, but they are on the lookout for any uptick and are focusing on the Stryker attack in particular. Terry Kalka — director of the Defense Industrial Base Collaborative Information Sharing Environment at The…

Read more →

Europe, Global Security News

Elite members of North Korean society fake their way into Western paychecks

Increased federal activity, including indictments over the past year, has drawn attention to a pattern that has been unfolding inside corporate hiring pipelines. North Korean nationals are securing roles as remote IT contractors and full-time staff within organizations across North America and Western Europe, using standard hiring channels to get in. Research by IBM X-Force…

Read more →

AI, china, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Network Security, privacy

U.S. robotics companies want federal help to keep Chinese robots out of America’s networks

Executives at top U.S. robotics companies asked Congress for federal dollars, new legislation and a simpler regulatory field, arguing the support is necessary to adapt to the AI era and compete with their well-oiled, state-funded Chinese competitors. The U.S. robotics sector, estimated at $50 billion in value, includes world famous companies like Boston Dynamics. The…

Read more →

AI, APAC, Apps, Compliance, Global Security News, Government & Policy, privacy, Risk Management

Microsoft seeks a stay on DoD’s effective ban on Anthropic offerings

Microsoft is urging a federal court in California to temporarily pause the US Department of Defense’s (DoD) effective ban on Anthropic’s AI offerings, arguing that the government’s “supply chain risk” label could have significant knock-on effects for its own defense technology business. In a filing backing Anthropic’s request for emergency relief, the company said the…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Risk Management

Federal judge blocks Perplexity’s AI browser from making Amazon purchases

A federal judge has blocked Perplexity, makers of the Comet AI browser, from accessing user Amazon accounts and making purchases on their behalf. In an March 9 order, Judge Maxine Chesney of the Northern District Court of California said the temporary injunction reflects the likelihood that Amazon “will succeed on the merits” of its claim…

Read more →

AI, Cybersecurity, Europe, Global Security News, Government & Policy, Politics, Risk Management

Anthropic’s US gov’t lawsuit says federal action “unprecedented and unlawful”

Anthropic on Monday fought back against the US federal government’s determination that it is a supply chain risk, suing the feds and arguing to a California federal judge that the government is being inconsistent and contradictory. “The Constitution confers on Anthropic the right to express its views—both publicly and to the government—about the limitations of…

Read more →

AI, Data Breaches, Exploits, Global Security News, Network Security

FBI probing intrusion into a system managing sensitive surveillance information

The Federal Bureau of Investigation (FBI) is probing suspicious activity on an internal system containing sensitive surveillance and investigation data. The FBI is investigating suspicious cyber activity affecting an internal system that stores sensitive data tied to surveillance operations and investigations, The Associated Press reports. According to a notification sent to members of the United…

Read more →

AI, Apps, Data Breaches, Global Security News, Government & Policy, malware, Network Security, Politics, Risk Management

FBI Investigates Suspicious Activity in Surveillance Platform

The Federal Bureau of Investigation (FBI) is investigating suspicious cyber activity involving systems used to process surveillance and wiretap warrants, raising concerns about the security of highly sensitive law enforcement infrastructure.  Although officials say the issue has been contained, the incident highlights the growing cyber risks facing government networks that store and manage critical investigative…

Read more →

AI, china, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, Politics

FBI wiretap system tapped by hackers

The US Federal Bureau of Investigation (FBI) has identified a suspected incident on a network used to manage wiretaps and foreign intelligence surveillance warrants, CNN reported. The FBI acknowledged the incident in a statement to CNN, saying, “The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to…

Read more →

AI, china, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, Politics

FBI wiretap system tapped by hackers

The US Federal Bureau of Investigation (FBI) has identified a suspected incident on a network used to manage wiretaps and foreign intelligence surveillance warrants, CNN reported. The FBI acknowledged the incident in a statement to CNN, saying, “The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to…

Read more →

AI, Data Breaches, Europe, Global Security News, malware

Operation Leak: FBI and Europol dismantle LeakBase Cybercrime forum

The Federal Bureau of Investigation seized the LeakBase cybercrime forum in an international crackdown led by Europol. The Federal Bureau of Investigation seized the LeakBase cybercrime forum (leakbase[.]la), a platform used to trade hacking tools and stolen data. The action formed part of “Operation Leak,” an international effort coordinated by Europol involving authorities from 14…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, privacy, Risk Management

Alabama Sextortion Case Involved Hundreds of Victims

A 22-year-old Alabama man has pleaded guilty to federal charges after hijacking the social media accounts of hundreds of young women and extorting them with stolen intimate images.  Between 2022 and 2025, Jamarcus Mosley used impersonation tactics to seize control of victims’ Snapchat and Instagram accounts, then threatened to publish private photos unless they complied…

Read more →

AI, Apps, Compliance, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

$5M Microsoft Activation Key Fraud Ends in Prison Term

A Florida woman has been sentenced to 22 months in federal prison for running a years-long scheme that trafficked thousands of illicit Microsoft software activation keys.  Heidi Richards, who operated Trinity Software Distribution, was also ordered to pay a $50,000 fine after pleading guilty to charges tied to the resale of Microsoft Certificate of Authenticity…

Read more →

AI, Compliance, Exploits, Global Security News, Government & Policy, Network Security, privacy, Risk Management, Russia

MY TAKE: The Pentagon punished Anthropic for red lines it accepted from OpenAI hours later

KINGSTON, Wash. — On Friday afternoon, President Trump ordered every federal agency to stop using Anthropic’s AI technology. Defense Secretary Pete Hegseth followed by designating the company a “supply-chain risk to national security,” a label the government typically reserves for companies like Huawei. Related: Claude’s memory vs. ChatGpt’s Anthropic’s offense: refusing to remove contract provisions…

Read more →

AI, Global Security News, Government & Policy, Risk Management

Fulton County lawsuit claims feds used ‘gross mischaracterizations’ to justify raid

A former federal official who tested and certified voting machines used in Fulton County, Georgia for the 2020 presidential election told a court that the federal government misrepresented key facts and omitted exculpatory public evidence while seeking a warrant in last month’s law enforcement raid. The raid, carried out by the FBI and overseen by…

Read more →

AI, APAC, Apps, Compliance, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security

FTC digs deeper into Microsoft’s bundling and licensing practices

The US Federal Trade Commission (FTC) seems to be doubling down on its investigation of Microsoft and the tech giant’s potentially shady bundling and licensing practices. According to a Bloomberg report, the federal agency has been issuing civil investigative demands (CIDs) to companies that compete with Microsoft in the business software and cloud computing markets.…

Read more →

AI, APAC, Apps, Compliance, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security

FTC digs deeper into Microsoft’s bundling and licensing practices

The US Federal Trade Commission (FTC) seems to be doubling down on its investigation of Microsoft and the tech giant’s potentially shady bundling and licensing practices. According to a Bloomberg report, the federal agency has been issuing civil investigative demands (CIDs) to companies that compete with Microsoft in the business software and cloud computing markets.…

Read more →

AI, Compliance, Cybersecurity, Europe, Global Security News, Network Security, Risk Management

Germany greenlights the EU AI Act, triggering countdown for enterprise compliance

The German Federal Cabinet has approved a draft legislation to implement the EU’s AI Act, designating the Federal Network Agency (Bundesnetzagentur) as the country’s central AI supervisory authority. Under the draft AI Market Surveillance and Innovation Promotion Act (KI-MIG), Germany will establish its national framework for regulating AI system development and deployment. The draft law…

Read more →

AI, Global Security News

German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

Germany’s Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app. “The focus is on…

Read more →

AI, Breaking News, Compliance, Cybersecurity, edge network devices, Global Security News, Government & Policy, hacking, hacking news, Network Security, Risk Management, Security

CISA pushes Federal agencies to retire end-of-support edge devices

CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported ones within 12–18 months. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed U.S. federal civilian agencies to strengthen how they manage edge network devices throughout their lifecycle. According to Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices, agencies must…

Read more →

AI, Cybersecurity, Global Security News, Network Security

CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive security updates from original equipment manufacturers (OEMs) over the next 12 to 18 months. The agency said the move is to drive down…

Read more →

AI, Compliance, Cybersecurity, Endpoint, Endpoint Protection, Network Security, Security, Exploits, Global Security News, malware, Network Security, Risk Management

CISA gives federal agencies 18 months to purge unsupported edge devices

The Cybersecurity and Infrastructure Security Agency has given federal agencies 18 months to remove all end-of-support edge devices from their networks, escalating its response to what security researchers describe as a fundamental shift in nation-state attack tactics, where attackers exploit network infrastructure rather than endpoints. The binding operational directive, BOD 26-02, requires Federal Civilian Executive…

Read more →

AI, Compliance, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Government, Network Security, Policy, Politics, privacy, Risk Management

CISA tells agencies to stop using unsupported edge devices

A Cybersecurity and Infrastructure Security Agency order published Thursday directs federal agencies to stop using “edge devices” like firewalls and routers that their manufacturers no longer support. It’s a stab at tackling one of the most persistent and difficult-to-manage avenues of attack for hackers, a vector that has factored into some of the most consequential…

Read more →

AI, Apps, Exploits, Global Security News, Government & Policy, Politics, privacy, Risk Management

This is why high-value targets should use Lockdown Mode

If you’ve ever wondered how secure Apple’s Lockdown Mode is, the Federal Bureau of Investigations (FBI) has the answer — and it’s good news for journalists, business leaders, civil leaders, or anyone who has to handle confidential data. As part of an ongoing investigation about alleged leaks of classified information to the media, the FBI controversially raided the…

Read more →