September 2021

SOURCE: The Business of Federal Technology by Lauren C. Williams – August 9, 2021

A COVID vaccination drive on board Naval Station Norfolk in April. (Photo credit: Seaman Jackson Adkins/U.S. Navy)

The Defense Department plans to mandate COVID-19 vaccines for civilian, military, and contractor personnel as early as September. In an Aug. 9 memo, Defense Secretary Lloyd Austin said he was seeking approval "to make the vaccines mandatory no later than mid-September, or immediately upon the U.S. Food and Drug Agency (FDA) licensure, whichever comes first." Currently, the Johnson & Johnson, Moderna and Pfizer vaccines only have emergency approval from the FDA, but full approval is expected for Pfizer's jab soon.

"The intervening few weeks will be spent preparing for this transition," Austin wrote. "In the meantime, we will comply with the President's direction regarding additional restrictions and requirements for unvaccinated Federal personnel. Those requirements apply to those of you in uniform as well as our civilian and contractor personnel."

Dr. Anthony Fauci, the director of the National Institute of Allergy and Infectious Diseases, said on NBC's "Meet the Press" that he was hopeful the FDA would grant full approval to the coronavirus vaccine by the end of August. "I hope that it will be within the next few weeks. I hope it's within the month of August," Fauci said Aug. 8. "If that's the case, you're going to see the empowerment of local enterprises, giving mandates that could be colleges, universities, places of business, a whole variety -- and I strongly support that."

President Joe Biden issued a statement of strong support for the DOD plan.

SOURCE: The Record by Catalin Cimpanu – July 31, 2021

  • Hackers leak 751GB of compressed EA data containing FIFA 21 source code.
  • Data dump comes from a hack that took place in June 2021.
  • EA says no player data was included in the stolen data, confirmed by the data leaked this week.

The hackers who breached Electronic Arts last month have released the entire cache of stolen data after failing to extort the company and later sell the stolen files to a third-party buyer.

The data, dumped on an underground cybercrime forum on Monday, July 26, is now being widely distributed on torrent sites.

According to a copy of the dump obtained by The Record, the leaked files contain the source code of the FIFA 21 soccer game, including tools to support the company's server-side services.

How the EA breach took place

The existence of this leak was initially disclosed on June 10, when the hackers posted a thread on an underground hacking forum claiming to be in possession of EA data, which they were willing to sell for $28 million.

SOURCE: ZDNet by Daphne Leprince-Ringuet – March 23, 2021

New defense plans for the next decade come with a strong focus on new technologies, pitching leaner but more effective armed forces.

Automation is increasingly making its way into the modern-day battlefield, and the armed forces are being re-shaped accordingly. The UK government has unveiled new plans to re-organize defense over the next 10 years, with heavy investments in new technologies to be matched by a reduction in the size of military personnel.

In an effort to adapt the armed forces to the modern age of information technology and digital warfare, the Ministry of Defence (MoD) has laid out a new vision for the military up to 2030, with a focus on responding to the rapid changes happening in the field. These include new threats ranging from the spread of terror through cyberspace, to novel AI-infused war capabilities, through to the rapid modernization of the Russian and Chinese military.

The announcement comes off the back of the government's recently published new integrated review – a wider 10-year strategy that has been billed as the largest security and foreign policy revamp since the Cold War. Underpinning many of the review's targets is the objective of modernizing the country's armed forces, for which the government has committed an extra £24 billion ($33 billion) in budget over the next four years.

SOURCE: ClearanceJobs by Lindy Kyzer – July 19, 2021

We've all been there – embroiled in an online discussion or fielding comments from someone who is completely wrong about a topic. How can you prove your point? Sharing classified information – which is what one British tank commander did – is not the way to go. News reports broke Friday of a British tank commander who got fired up about the specifications of the Challenger 2 tank being incorrect in Gaijin Entertainment's free online war game.

GAMES ARE IMPORTANT BUT LOOSE LIPS SINK SHIPS

The user hadn't just taken the documents and published them – it appears someone had made the attempt to redact information, with sections of what was posted heavily blacked out. Media reports have been similarly mixed in terms of what classified information was shared. But the basic gist is that a gamer took his argument too far, and was willing to share military documents in order to prove it.

The issue highlights the opportunity gaming offers adversaries to exploit loose lips. The U.S. military is well aware of the opportunity gaming presents, and has sponsored advertising on games like Call of Duty and even created its own game, America's Army. The military community loves its games, and it loves the life-like nature of many of them. But unless you'd like to discuss the finer points of a military uniform's inaccuracy, it's best to keep your mouth shut on how operational details differ from the real thing.

SOURCE: AP News by Eric Tucker – July 27, 2021

ALEXANDRIA, Va. (AP) — A former Air Force intelligence analyst who once helped find targets for deadly U.S. drone strikes was sentenced to 45 months in prison for leaking top-secret details about the program.

Daniel Hale, 33, told a federal judge he felt compelled to leak information to a journalist out of guilt over his own participation in a program that he believed was indiscriminately killing civilians in Afghanistan far from the battlefield.

"It is wrong to kill," Hale said in a defiant statement in which he accepted responsibility for his actions, but also pleaded for mercy. "It is especially wrong to kill the defenseless."

But U.S. District Judge Liam O'Grady told Hale he had other avenues for airing his concerns besides leaking to a journalist. Citing the need to deter others from illegal disclosures, he imposed a punishment that was harsher than the 12- to 18-month term sought by Hale's attorneys but significantly more lenient than the longer sentence sought by prosecutors.

SOURCE: ZDNet by Liam Tung – August 2, 2021

Microsoft issues an alert over a 'crafty' phishing campaign.

Microsoft's Security Intelligence team has issued an alert to Office 365 users and admins to be on the lookout for a "crafty" phishing email with spoofed sender addresses.

Microsoft put out an alert after observing an active campaign targeting Office 365 organizations with convincing emails and several techniques to bypass phishing detection, including an Office 365 phishing page, Google cloud web app hosting, and a compromised SharePoint site that urges victims to type in their credentials.

"An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters," the Microsoft Security Intelligence team said in an update.

SOURCE: Security Intelligence by Sue Poremba – May 21, 2021

As more people are vaccinated and free to live a more normal life again, vacation plans, trip pictures and conference hashtags will flood social media sites. Phone calls and emails to colleagues will be met with out of office (OOO) messages. You might feel happy for that person, or maybe a little jealous that they are getting away. You should also feel concerned for their security well-being.

Out of Office Message Cybersecurity for Travelers

No one thinks much about cybersecurity while traveling. However, email security company Tessian warns the out of office message actually plays right into the hands of threat actors and cybercriminals. It's a social engineering attack vector that no one thinks about. The out of office message is ubiquitous and handy. But if it includes any personal information at all — such as attending a funeral or going out of the country — attackers have all the information they need to impersonate the person who is out of the office, without the attacker having to do any real work.

SOURCE: CDSE

Miriam Taha Thompson

  • Age 62 at time of conviction
  • Contract linguist at an overseas U.S. military facility
  • Held a Top-Secret Government security clearance
  • Convicted of delivering classified national defense information to aid a foreign government

What Happened

Thompson worked as a contract linguist at an overseas U.S. military facility where she held a Top-Secret Government security clearance. Beginning in 2017, she started communicating with an unindicted co-conspirator using a video-chat feature on a secure text and voice messaging application. Over time, Thompson developed a romantic interest in her co-conspirator...

Indicators

Access Attributes – Thompson worked at an overseas U.S. military facility and held a Top-Secret Government security clearance...

Impact

Thompson used her access to classified information to provide her co-conspirator with the identities of at least eight clandestine human assets; at least 10 U.S. targets; and multiple tactics, techniques, and procedures...