Derek B. Johnson

Feds ink $26 million contract for deception platform for defense agencies

Derek B. JohnsonOctober 6, 2022

The deception tech is needed, the government claims, because DOD cybersecurity officials “currently lack the technological platform and capabilities to withstand and gather intelligence from an ongoing cyber-attack." The current response involves turning off connected systems, something that prevents them from learning more about the behaviors of adversaries targeting defense networks.

Insider threat

Former NSA employee charged for trying to sell national, cyber secrets

Derek B. JohnsonSeptember 29, 2022

Prosecutors allege a former NSA employee took copies of classified documents and attempted to sell them to an undercover FBI operative posing as representative for a foreign government.

Threat intelligence

Mandiant unearths new espionage-related malware families affecting VMWare hypervisors

Derek B. JohnsonSeptember 29, 2022

The activity appears to have been done for espionage purposes and Mandiant believes it has a “nexus to China,” an assessment that was made with only low confidence.

Critical infrastructure

Ukraine warns Russia planning multi-pronged attack against energy sector

Derek B. JohnsonSeptember 26, 2022

The Ukrainian Ministry of Defense believes that the Russian military will supplement cyberattacks with physical and kinetic strikes against electric facilities.

Careers

Nonprofit expands cybersecurity program to 10 historically Black colleges

Derek B. JohnsonSeptember 22, 2022

A nonprofit group is expanding a federally funded program that recruits K-12 students to pursue cybersecurity degrees at Historically Black Colleges and Universities.

Critical infrastructure

Water utilities rattle the cup on Capitol Hill for cyber

Derek B. JohnsonSeptember 21, 2022

Representatives from the water sector testified in front of the House Homeland Security Committee Wednesday, painting a dire picture of utilities across the country with outdated equipment and systems that are increasingly a target for criminal and nation-state hackers.

Breach

Shareholders file suit against Twitter following whistleblower’s security warnings

Derek B. JohnsonSeptember 19, 2022

According to the complaint, the shareholders argue that Twitter knew its security practices were deficient, putting user and advertiser information at risk.

Identity and access

Uber confirms hack in the latest access and identity nightmare for corporate America

Derek B. JohnsonSeptember 16, 2022

Ride-share company Uber confirmed it was hacked in what appears to be a damaging compromise that includes both internal systems and the company’s accounts for multiple third-party services.

Critical infrastructure

Policymakers eye incentives to fund better OT cybersecurity

Derek B. JohnsonSeptember 15, 2022

Government efforts are increasingly focused on improving security for the specialized equipment and systems used to run critical services to American society.

Application security

Twitter whistleblower: Lack of access, data controls invite exploitation

Derek B. JohnsonSeptember 13, 2022

Former Twitter CISO Peiter "Mudge" Zatko said the company has seen foreign agents from China, India and Saudi Arabia placed inside the company but does not have the infrastructure in place to track other potential insider threats.