CISA has issued Emergency Directive (ED) 21-02 and Alert AA21-062A addressing critical vulnerabilities in Microsoft Exchange products. Successful exploitation of these vulnerabilities could allow an attacker to access on-premises Exchange servers, enabling them to gain persistent system access and control of an enterprise network. 

The Cybersecurity and Infrastructure Security Agency's (CISA) second annual President’s Cup Cybersecurity Competition concluded last week, with the final rounds taking place over a three-day period.  The President’s Cup is a national competition designed to identify, challenge, and reward the best cybersecurity talent in the federal workforce.  This year’s competition featured two individual tracks – one focused on incident response and forensic analysis and the other focused on vulnerability exploitation analysis – and a team track.  The first rounds of the competition started in August.

The Cybersecurity and Infrastructure Security Agency (CISA) and AVANGRID, a sustainable energy company providing services in 24 states, conducted a virtual tabletop exercise to test and identify the safety procedures AVANGRID has implemented since the beginning of the COVID-19 pandemic and identify additional procedures necessary to ensure employee safety operations and business continuity in the out years.  

The Cybersecurity and Infrastructure Security Agency (CISA), the nation’s first federal cybersecurity agency, is kicking off a series of virtual hiring events in 2021 for job seekers, while aiming to further increase the representation among women, minorities, and persons with disabilities in order to more fully realize the goal of using the talents of all segments of society.

In response to recent events where unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility,  the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released joint Cybersecurity Advisory AA21-042A: Compromise of U.S. Water Treatment Facility. This advisory outlines how cybercriminals exploit desktop sharing software and end-of-life operating systems to gain unauthorized access to systems.

David Pekoske, Senior Official Performing the Duties of the Deputy Secretary of Homeland Security, met with local law enforcement officials and the National Football League (NFL) to review Department of Homeland Security (DHS) operations to help ensure the safety and security of employees, players, and fans during Super Bowl LV.  Dozens of federal agencies and components, including DHS, contributed to security measures seen and unseen in connection with the Super Bowl.

The National Cyber Investigative Joint Task Force (NCIJTF) has released a joint-sealed ransomware factsheet to address current ransomware threats and provide information on prevention and mitigation techniques.

The Cybersecurity and Infrastructure Security Agency (CISA) announced it will pilot a new technology in support of the Next Generation Network Priority Service (NGN-PS) Phase 2 program, which provides first responders and emergency managers with priority voice, data, and video communications during emergencies and widespread outages.

Alejandro Mayorkas was officially sworn in as the seventh Secretary of Homeland Security. Secretary Mayorkas took the oath this afternoon after the Senate voted to confirm him. As Secretary of Homeland Security, Mayorkas now leads the third largest federal department in the United States, which includes the Cybersecurity and Infrastructure Security Agency, Federal Emergency Management Agency, Transportation Security Administration, U.S. Coast Guard, U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, U.S. Citizenship and Immigration Services, and the United States Secret Service.